Greg Kilminster
Head of Product - Content
FCA imposes first enforcement action on crypto firm CB Payments
The Financial Conduct Authority (FCA) has levied a £3,503,546 fine on CB Payments Limited (CBPL) for contravening regulatory requirements designed to mitigate financial crime risks. CBPL, a subsidiary of the Coinbase Group, facilitates the trading of cryptoassets but is not authorised to engage directly in such activities within the UK. Despite a voluntary requirement (VREQ) imposed in October 2020 to halt onboarding high-risk customers, CBPL failed to comply, resulting in significant breaches over nearly two years.
Breaches identified
CBPL onboarded 13,416 high-risk customers and facilitated deposits of approximately USD $24.9 million. These funds were used to execute multiple cryptoasset transactions totalling around USD $226 million. This contravention occurred despite restrictions aimed at bolstering CBPL's financial crime control framework.
Control failures
The FCA attributed the breaches to CBPL’s inadequate design, implementation, and monitoring of necessary controls. The firm’s automated systems failed to prevent high-risk customers from accessing services, and significant monitoring lapses allowed violations to persist undiscovered for nearly two years.
Regulatory response
This enforcement marks the first time the FCA has exercised its powers under the Electronic Money Regulations 2011. CBPL’s agreement to resolve the matter early resulted in a 30% reduction of its fine.
Therese Chambers, joint executive director of Enforcement and Market Oversight at the FCA, emphasised the critical nature of robust financial crime controls within firms that enable crypto trading, citing the increased risks posed by cryptoassets in money laundering.
The FCA will maintain stringent oversight of CBPL and other firms in the cryptoasset sector to ensure compliance with financial crime regulations. CBPL is expected to continue enhancing its financial crime framework to meet regulatory standards.
Click here to read the full RegInsight on CUBE’s RegPlatform
Four high street banks breach CMA rules
The UK’s Competition and Markets Authority (CMA) has announced that HSBC, Lloyds, TSB, and Allied Irish Bank (AIB) failed to comply with regulations established to improve transparency and fairness in the retail banking market. The breaches were identified under the Retail Banking Market Investigation Order 2017, which mandates accurate customer information regarding products and services, including correct interest rates and the locations of branches and ATMs. The Order also supports 'Open Banking,' which aims to enhance service innovation and consumer choice through secure data sharing.
The individual breaches were as follows.
HSBC
- Failed to update information for 167 closed branches and omitted details of two open branches.
- Listed incorrect annual rates for business loans and overdrafts.
- Provided inaccurate maximum charges for unarranged overdrafts on Personal Current Accounts.
TSB
- Did not disclose maximum charges for unarranged overdrafts on Personal Current Accounts.
AIB
- Published incorrect annual rates for loans and overdrafts both through Open Banking and on its website.
Lloyds
- Failed to provide addresses for 363 ATMs through Open Banking.
The CMA has closely monitored compliance, requiring banks to report non-compliance within 14 days. Lloyds, TSB, and AIB are implementing changes to prevent future breaches. HSBC, having committed more extensive violations, must follow detailed CMA directions to achieve full compliance.
The press release notes that the CMA will continue to enforce compliance rigorously. HSBC is required to adhere to an action plan to rectify its breaches. Dan Turnbull, Senior Director at the CMA, emphasised the importance of trust and accurate information for consumers making financial decisions, expressing disappointment over HSBC's repeated non-compliance. The CMA's ongoing efforts aim to ensure all banks meet the required standards, fostering consumer confidence in their financial services.
Click here to read the full RegInsight on CUBE’s RegPlatform
HMT consults on TCFD-aligned disclosure in annual reports
HM Treasury (HMT) has published this Exposure Draft to consult on new climate-related financial disclosures for central government bodies. These are based on the Task Force on Climate-related Financial Disclosures (TCFD) recommendations.
Some context
This disclosure framework is an essential component of the UK central government performance reporting framework, aimed at enhancing transparency and public accountability. It follows a phased implementation approach, with this document marking the final stage.
Key takeaways
The guidance provided in this document builds upon the TCFD-aligned disclosure application guidance—Phase 1 and Phase 2—published in March 2024 and covers the entire UK public sector, as defined by the Whole of Government Accounts boundary. Phase 3 outlines the disclosure requirements for the third year of implementation, incorporating the TCFD strategy recommended disclosures.
The proposed effective date for this guidance is 1 April 2025.
Next steps
The deadline for feedback is 19 September 2024.
Click here to read the full RegInsight on CUBE’s RegPlatform
US banking regulators seek input on reducing regulatory burdens
The Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation (FDIC), and the Office of the Comptroller of the Currency (OCC) have issued a second notice inviting public comments on efforts to streamline regulatory requirements.
Some context
This initiative is part of the Economic Growth and Regulatory Paperwork Reduction Act of 1996, which mandates a decennial review of regulations to identify outdated or unnecessary requirements.
Key takeaways
- Regulatory review: The review process has segmented regulations into 12 categories. The current phase focuses on Consumer Protection, Directors, Officers, and Employees, and Money Laundering. Stakeholders have 90 days from the notice's publication in the Federal Register to submit comments on these specific regulations.
- Public involvement: Over the next two years, comments will be solicited for all regulation categories. The goal is to pinpoint regulations that may be obsolete, redundant, or excessively burdensome.
- Outreach meetings: The agencies plan to hold outreach meetings, providing a platform for interested parties to voice their concerns and suggestions directly. Details of these meetings will be announced as they are finalized.
Next steps
Stakeholders, including financial institutions and the public, are encouraged to participate in the review process by submitting comments and attending outreach meetings. This collaborative effort aims to ensure that regulatory frameworks remain effective and efficient, balancing the need for oversight with the goal of reducing undue burden on supervised institutions.
Click here to read the full RegInsight on CUBE’s RegPlatform
US Federal agencies issue RFI on bank-fintech partnerships and statement on banks’ partnerships with third parties
The Office of the Comptroller of the Currency (OCC), the Board of Governors of the Federal Reserve System, and the Federal Deposit Insurance Corporation (collectively the agencies) have issued a request for information (RFI) on bank-fintech arrangements and a joint statement on banks’ partnerships with third parties to offer bank deposit products and services to end users.
Commenting on both publications, Federal Reserve Governor Michelle W Bowman stated, "While I am supporting the RFI, my support should not be construed as future support for any potential guidance or rulemaking that could result from this RFI. I remain concerned about both the risk of pushing out innovation from the regulated banking system and the sheer volume of new guidance and rules for banks of all sizes[...]And concurrent with the RFI, the agencies are publishing a statement that contains significant and material overlaps with the RFI, focusing on deposit-based bank-fintech relationships. While much of the content of this statement could be constructive, I am concerned about the timing of releasing the statement concurrently with the RFI. "
The RFI aims to gather feedback on the nature of bank-fintech arrangements, including their benefits and risks, effective risk management practices, and the need for potential enhancements to existing supervisory guidance to address associated risks. Comments on the RFI must be submitted within 60 days of its publication in the Federal Register.
The joint statement addresses banks’ collaborations with third parties to deliver deposit products and services, such as checking and savings accounts, to end users. It underscores the potential risks associated with these arrangements and showcases examples of risk management practices employed by banks to mitigate such risks. The joint statement does not introduce new supervisory expectations or alter existing legal or regulatory requirements but reinforces existing guidance.
Click here to read the full RegInsight on CUBE’s RegPlatform
FRC publishes latest annual enforcement review
The Financial Reporting Council (FRC) has published its sixth annual enforcement review, summarising its enforcement activities for the year ending 31 March 2024. The report analyses significant cases concluded in the past year, highlighting important themes and lessons learned. It also outlines the FRC's enforcement approach and gives detailed information on the sanctions imposed during the year.
Some key highlights include:
- Forty cases were opened in the year, compared with 70 in the previous year. The decrease is mainly due to a decline in referrals from other FRC teams.
- Audit investigations highlighted recurring themes, including objectivity and integrity, lack of scepticism, insufficient audit evidence, audit planning, going concern, revenue recognition, disclosures, risk of fraud, and audit documentation.
- The financial sanctions imposed on KPMG and two former audit engagement partners in relation to serious failures identified in the firm’s audits of Carillion represented the major proportion of the global figure both before and after the application of settlement discounts (£30.6 million and £21.4 million against total financial sanctions of £48.2 million and £33.1 million respectively).
- Oliver Clive & Co, PwC, and EY were imposed financial sanctions of £60,000 (adjusted to £42,000 after settlement discount), £7 million (adjusted to £4.9 million after settlement discount), and £7 million (adjusted to £4.41 million after settlement discount), respectively.
- The remaining audit matters sanctioned during the year were KPMG’s audit of M&C Saatchi plc, where a financial sanction of £2.25 million was imposed.
Click here to read the full RegInsight on CUBE’s RegPlatform
PRA issues SoP on its approach to rule permissions and waivers
The Prudential Regulation Authority (PRA) has issued policy statement (PS) 12/24 including the PRA’s final statement of policy (SoP) outlining its approach to rule permissions and waivers. This approach enables the PRA to grant permissions, modifications, or waivers to firms under specific criteria outlined in Section 138BA of the Financial Services and Markets Act (FSMA) 2023.
Some context
In the consultation paper (CP) 3/24 issued in January 2024, the PRA proposed a new SoP with three key messages:
- The PRA will communicate the criteria or factors expected to be taken into account when assessing specific rule permissions under s138BA of FSMA in subject-specific SoPs that the PRA may publish.
- For applications made under s138BA of FSMA for rule permissions where approval criteria have not been set out in subject-specific SoPs, the PRA expects to consider, and place significant weight upon, the statutory criteria that apply to the PRA’s power under s138A of FSMA.
- Applications under both s138BA and s138A of FSMA for rule permission and waivers should be accompanied by detailed information and evidence demonstrating how the relevant criteria are met.
In addition, the PRA encourages firms wishing to apply for the modification or waiver of a rule where the PRA has not set out criteria for a rule permission to apply under the PRA’s general modification and waiver power in s138A of FSMA. Also, where the PRA has not set out specific criteria in relation to a s138BA rule permission, it will consider the criteria set out under s138A in assessing any application under s138BA.
Key takeaways
Following the responses to CP3/24, the PRA has made two amendments to the draft SoP to clarify:
- What the PRA generally expects to include in a subject-specific SoP.
- That there may be exceptional circumstances where it may be appropriate to grant a s138BA permission for which it has not set out criteria despite the s138A statutory tests not being met.
Next steps
The SoP takes effect on 25 July 2024.
Click here to read the full RegInsight on CUBE’s RegPlatform
European banking supervision: evolving with the times
In a presentation made to the Peterson Institute for International Economics, Claudia M Buch, Chair of the Supervisory Board of the European Central Bank (ECB), highlighted the significant transformations in the European banking supervision landscape. Buch’s presentation noted the need for dynamic supervisory reforms in response to an evolving risk environment marked by economic upheavals and geopolitical tensions.
The changing risk environment
Over the past two decades, the European banking sector has weathered numerous storms. The 2007-08 global financial crisis and the subsequent European sovereign debt crisis from 2010-13 revealed deep vulnerabilities in the banking system. These events prompted the establishment of the Banking Union and the Single Supervisory Mechanism (SSM) in 2014, centralising the oversight of significant banks under the ECB's purview.
More recent challenges include the COVID-19 pandemic in 2020, the Russian invasion of Ukraine in 2022, the ensuing energy crisis, and an inflation shock that has tested the resilience of banks. 2024 has also seen turmoil in international banking markets, underscoring the need for robust and adaptive supervisory frameworks.
Responding to risks
The ECB, in collaboration with national supervisory authorities, has implemented the Supervisory Review and Evaluation Process (SREP) to rigorously assess the health and risk management practices of banks. SREP evaluations focus on four critical areas:
- Business model viability: Ensuring that banks have sustainable and profitable business models.
- Risk management and governance: Evaluating the effectiveness of banks' risk controls and governance frameworks.
- Capital adequacy: Assessing whether banks hold sufficient capital to absorb potential losses.
- Liquidity and funding risks: Reviewing banks' liquidity positions to ensure they can meet short-term obligations.
These assessments are crucial in maintaining the stability of the banking sector, identifying areas for improvement, and taking corrective measures where necessary.
Organisational structure and cooperation
The SSM’s framework ensures close cooperation between the ECB and national competent authorities. This collaborative approach involves joint supervisory teams overseeing significant institutions, while national authorities maintain direct supervision of less significant institutions. The Supervisory Board coordinates these efforts, ensuring a consistent and comprehensive supervisory regime across Europe.
Enhancing resilience
Over the past decade, European banks have made significant strides in enhancing their resilience. Key indicators such as the Common Equity Tier 1 (CET1) ratio and leverage ratios have improved steadily, reflecting stronger capital positions. Non-performing loan (NPL) ratios have declined markedly, indicating better asset quality. Additionally, liquidity ratios, including the liquidity coverage ratio and the net stable funding ratio, have improved, bolstering banks' ability to withstand financial stress.
Supervisory priorities for 2024-2026
Buch outlined the SSM's supervisory priorities for the next three years, aimed at addressing emerging risks and strengthening the resilience of the banking sector:
- Strengthening resilience to macro-financial and geopolitical shocks: This involves ensuring that banks can withstand economic downturns and geopolitical disruptions.
- Improving governance and managing climate-related risks: Accelerating efforts to address shortcomings in governance and integrating climate-related and environmental risks into risk management frameworks.
- Advancing digital transformation and operational resilience: Promoting digital innovation while ensuring robust operational resilience to guard against cyber threats and other disruptions.
Independent expert review and reform objectives
An independent expert group recently reviewed the SREP, acknowledging its success in enhancing the resilience of European banks and promoting a level playing field. However, the review also highlighted the need for recalibration to address the current risk environment more effectively.
In response, the ECB's Supervisory Board has initiated several reforms to the supervisory process, focusing on:
- Risk assessment focus: Implementing a multi-year risk assessment framework and a risk tolerance framework to prioritise and focus risk assessments.
- Integration of supervisory activities: Better planning and coordination of supervisory activities to leverage synergies and optimise resources.
- Utilisation of the supervisory toolkit: Enhancing the use of supervisory tools and escalating issues more promptly to ensure timely remediation.
- Streamlined communication: Making SREP decisions clearer, more concise, and timely to facilitate better understanding and compliance by banks.
- Stable methodologies: Ensuring consistency in supervisory methodologies to concentrate on emerging risks.
- Efficient use of IT and data analytics: Leveraging advanced IT systems and data analytics to improve efficiency and focus on higher-value tasks.
Conclusion
As the risk landscape continues to evolve, European banking supervision must remain agile and proactive. The reforms spearheaded by the ECB aim to bolster the resilience of the banking sector, ensuring that it can navigate future challenges effectively. By fostering strong supervisory and regulatory standards, enhancing operational and financial resilience, and addressing risks beyond the banking sector, the ECB is committed to safeguarding financial stability in Europe.
Click here to read the full RegInsight on CUBE’s RegPlatform
AFCA issues Approach documents schedule
The Australian Financial Complaints Authority (AFCA) has published its annual Approach documents schedule for the 2024-2025 financial year. This schedule aims to give stakeholders advance notice of the issues on which AFCA will seek feedback during the year.
The 2024-2025 schedule includes the following Approach documents that will be developed or updated for further consultation throughout the year:
Banking and Finance:
- Approach to Joint Accounts and Family Violence
- Approach to Elder Financial Abuse
Superannuation jurisdiction:
- Approach to sections 29 (6) and (7) of the Insurance Contracts Act 1984 (Cth) (ICA)
- Approach to delayed insurance claims in superannuation
- Approach to superannuation death benefits
General insurance:
- Approach to claims handling
- Approach to the duty to take reasonable care not to make a misrepresentation – general insurance
- Approach to non-disclosure and misrepresentation – general insurance
Life insurance (non-superannuation jurisdiction):
- Approach to the duty to take reasonable care not to make a misrepresentation – life insurance
- Approach to non-disclosure and misrepresentation – life insurance
Click here to read the full RegInsight on CUBE’s RegPlatform