Greg Kilminster
Head of Product - Content
UK regulator imposes £350,000 fine for failure to disclose tax penalty
Kristo Käärmann, the CEO of Wise Assets UK Ltd and Wise Payments Ltd, has been fined £350,000 by the UK’s Financial Conduct Authority (FCA) for failing to disclose a significant tax penalty imposed by HM Revenue and Customs (HMRC). The penalty, which Käärmann incurred for not paying Capital Gains Tax (CGT) on a $10 million share disposal in 2017, was not reported to the FCA, despite being directly relevant to his role as a senior manager at Wise, a firm regulated by the FCA.
Tax penalty and failure to disclose
In June 2020, HMRC launched a compliance check into Käärmann’s tax affairs after he failed to declare and pay a CGT liability of £720,425.80 related to a share sale in 2017. Despite multiple warnings from HMRC, Käärmann did not respond in time. Subsequently, in November 2020, HMRC issued a financial penalty of £365,651.21, based on its finding that Käärmann had deliberately failed to notify them of the tax liability.
Käärmann, who was abroad for two months, did not open key correspondence from HMRC until February 2021. Upon learning of the penalty, he immediately arranged payment. However, over the following seven months, Käärmann failed to inform the FCA of the situation, including his potential inclusion on HMRC’s list of deliberate tax defaulters.
Breach of regulatory obligations
As the CEO of Wise Assets UK Ltd, an authorised firm under the Financial Services and Markets Act 2000, Käärmann held key responsibilities as a Senior Manager Function (SMF1) and Executive Director (SMF3). The FCA requires senior managers to disclose any material information that may affect their fitness and propriety to perform their roles. According to the FCA, Käärmann’s failure to report his tax issues represented a breach of the Senior Manager Conduct Rule 4 (SMCR 4), which mandates timely and appropriate disclosure of relevant information.
The FCA only became aware of Käärmann’s tax issues in September 2021 after a journalist contacted the regulator for comment. This led to the FCA contacting Wise for further details. The following day, Käärmann notified the FCA of his inclusion on HMRC’s list of deliberate tax defaulters.
Imposition of penalty
The fine reflects a 30% discount from the original £500,000 fine, as Käärmann agreed to settle the case at an early stage. The FCA concluded that Käärmann’s failure to disclose the tax penalty fell below the standard expected of someone in his position, particularly as the CEO of an authorised firm.
The FCA has reiterated the importance of high standards in the financial services sector, particularly for senior managers, noting that "a CEO is expected to set an example to their staff and customers." The regulator stressed that ongoing compliance with notification requirements is crucial, and individuals must carefully assess whether any events, particularly those with reputational or regulatory consequences, should be reported.
Click here to read the full RegInsight on CUBE's RegPlatform.
SEC adopts new rule
The US Securities and Exchange Commission (SEC) has adopted amendments aimed at enhancing risk management and resilience for central clearing agencies (CCAs). The amendments focus on establishing robust risk-based margin systems and ensuring effective recovery and orderly wind-down plans. The new rules target CCAs providing central counterparty services, crucial entities in the securities market responsible for maintaining transaction integrity.
Some context
Central clearing agencies play a critical role in securities transactions by acting as intermediaries—taking the position of buyer to the seller and seller to the buyer. This centralised structure helps mitigate risks and increase market efficiency. However, the growing complexity of financial markets necessitates more stringent risk management frameworks, particularly concerning credit exposures and the ability to respond during periods of market stress.
In May 2023, the SEC proposed changes to its rules, aiming to bolster the safety and resilience of CCAs, ensuring they can maintain operations and stability even when significant market disruptions occur. The SEC's revisions to Rule 17Ad-22 and the introduction of Rule 17Ad-26 are the key developments as a result.
Key takeaways
The new rules bring several important changes for CCAs:
- Risk-based margin systems: CCAs must now maintain a margin system that continuously monitors intraday credit exposures. This includes the ability to make intraday margin calls as market conditions evolve, particularly during periods of elevated volatility or when risk thresholds are breached. These systems must ensure that reliable price data is used to calculate margin requirements, with contingency plans in place for when such data is unavailable or unreliable.
- Recovery and wind-down planning: CCAs are required to implement recovery and orderly wind-down plans (RWPs) that detail how core payment, clearing, and settlement services would continue in the event of a crisis. The new Rule 17Ad-26 mandates specific content requirements for these plans, including identification of critical services, staffing needs, and service provider dependencies. Additionally, CCAs must outline potential scenarios, such as uncovered credit losses or liquidity shortfalls, that could necessitate the activation of these plans.
- Governance and reporting: The new rules place a strong emphasis on governance, requiring CCAs to monitor for specific triggers that would activate their RWPs. These plans must be reviewed and approved by the board of directors at least annually, and CCAs must notify the SEC if they plan to implement a recovery or wind-down.
- Testing and review: CCAs are required to test their RWPs at least once a year. This testing must involve participants and other stakeholders, ensuring that the plans are practical and can be executed effectively. The results of these tests must be reported to senior management and the board, and any necessary updates to the plans must be made following the tests.
Next steps
The SEC has set two compliance deadlines for CCAs: within 150 days of the rules being published in the Federal Register, CCAs must submit any required rule changes or advance notices to the Commission. Following this, the new rules must be fully implemented within 390 days.
Click here to read the full RegInsight on CUBE's RegPlatform.
Michael J Hsu speech: Boldness and caution in systemic risk
In a speech at the CFA Institute’s Systemic Risk Council, Acting Comptroller of the Currency Michael J Hsu explored the intricate balance regulators must strike between decisive action and cautious analysis in managing systemic risks.
A lesson from history
Hsu began his remarks by drawing an analogy from John Lewis Gaddis’s On Grand Strategy, recounting the story of Xerxes, the Persian king, and his decision to invade Greece in 480 BCE. Despite warnings from his cautious uncle Artabanus, Xerxes pressed forward, driven by ambition, only to face defeat. According to Hsu, this story underscores the tension between ambition and pragmatism in decision-making. "Good strategy requires a balance of both, a combination of Xerxes’s clear, ambitious vision and Artabanus’s sensitivity to surroundings," he noted.
This theme resonates in the context of financial regulation, where striking the right balance between acting on identified risks and considering broader, unforeseen vulnerabilities is crucial. Hsu reflected on the run-up to the 2008 Global Financial Crisis (GFC), where regulators focused on risks from hedge funds and securitisation equity tranches but failed to fully grasp the systemic threats posed by shadow banking and AAA-rated securities. "Like Xerxes, we succeeded in winning many of those battles, but... we lost the financial stability war," he said.
Understanding systemic risks
Hsu categorised systemic risks into three key types: known knowns, known unknowns, and unknown unknowns, urging financial regulators to be aware of each type.
Familiar risks: Known knowns
Hsu identified risks that have historically affected the financial system and are well-understood by regulators, such as interest rate risk and liquidity risk. He pointed to the recent collapses of Silicon Valley Bank, Signature Bank, and First Republic, which were primarily driven by these risks.
Another significant known risk is geopolitical instability, with Hsu citing Russia’s invasion of Ukraine and the ongoing conflicts in the Middle East. He stressed the importance of monitoring these risks, given their potential to disrupt financial stability.
Hsu also flagged regulatory arbitrage and financial engineering as ongoing concerns. Drawing parallels to the pre-GFC era, when complex instruments like credit default swaps masked risk, he highlighted the growing prevalence of synthetic risk transfers (SRTs) and urged regulators to pay close attention to how these risks could re-enter the banking system.
Emerging threats: Known unknowns
These are risks that regulators have not yet experienced in full force but are aware could pose significant threats. One key example is cyber risk. Hsu pointed out that, while no cyberattack has yet crippled the financial system, the potential for such an event is widely acknowledged.
Another emerging risk is the rise of crowded trades, where market participants take similar positions, creating vulnerabilities. Hsu referred to the 2008 negative basis trade and more recent disruptions, such as the UK’s liability-driven investment strategy unwind, as cautionary tales.
Unforeseen dangers: Unknown unknowns
Hsu also highlighted the need to stay vigilant against risks that are neither well understood nor expected. He mentioned, for example, the possibility of undersea cable disruption, which could severely affect global internet connectivity and, by extension, the financial system. While such an event may seem far-fetched, Hsu emphasised the importance of not dismissing low-probability, high-impact risks.
Another looming concern is quantum computing which, were it to advance to the point where it renders current encryption obsolete, could have massive consequences for digital security and financial systems. "These types of risks can be overwhelming to ponder," Hsu admitted, noting the obvious challenges in addressing unknown unknowns.
Balancing action and analysis
Hsu closed his speech by emphasising the need for a balanced approach in financial regulation. Regulators must carefully decide when to act and when to continue gathering information. "Taking decisive action against an emerging systemic risk warrants careful thought," he said, cautioning that both premature action and excessive analysis could have costly consequences.
In reflecting on systemic risk management, Hsu urged policymakers to take inspiration from both Xerxes’ boldness and Artabanus’s caution. "Effective financial stability policymaking requires heeding both voices and balancing them accordingly," he concluded.
Click here to read the full RegInsight on CUBE's RegPlatform.
HKMA tightens e-banking risk management framework
The Hong Kong Monetary Authority (HKMA) has issued a revised version of its Supervisory Policy Manual (SPM) module on e-banking risk management, extending its scope to cover payment card transactions. The updated guidelines reflect the regulator’s ongoing efforts to enhance the governance and oversight of authorised institutions' (AIs) digital banking services.
The revised module, TM-E-1 Risk Management of E-banking, has been introduced following consultations with key industry associations and is now a statutory guideline under section 7(3) of the Banking Ordinance. This move demonstrates the HKMA’s commitment to staying ahead of evolving digital banking risks while providing financial institutions with clearer, more comprehensive supervisory guidance.
Key updates
The updated SPM module consolidates existing requirements from various supervisory documents, including past circulars and incident watch reports, to provide a single, cohesive framework for AIs. The main changes are as follows:
- Expanded scope: The module now includes additional controls over payment card transactions, reflecting the growing importance of safeguarding digital payment services.
- Consolidated security measures: The revised module incorporates previously scattered guidance into a unified set of security protocols, ensuring AIs have clear directives on protecting customer data and mitigating operational risks.
- Principle-based guidance: The HKMA has introduced broader, principle-based recommendations, allowing institutions to tailor their risk management practices to better align with individual business models while maintaining a high level of regulatory compliance.
Effective date and access
The revised module will come into effect immediately, providing AIs with a three-month window to review and strengthen their internal risk management procedures.
Click here to read the full RegInsight on CUBE's RegPlatform.
BIS showcases compliance automation in cross-border transactions with Project Mandala
The Bank for International Settlements (BIS) and a coalition of central banks have successfully demonstrated the potential for automating regulatory compliance in cross-border financial transactions with Project Mandala. The initiative, a collaboration between the BIS Innovation Hub Singapore Centre and central banks from Australia, Korea, Malaysia, and Singapore, marks a key milestone in efforts to streamline global payments while ensuring adherence to complex regulatory frameworks.
Addressing regulatory fragmentation
Project Mandala seeks to tackle the challenges of navigating divergent regulatory and policy requirements across jurisdictions, which have historically increased the cost and slowed the speed of cross-border financial transactions. The project aligns with G20 priorities to enhance the efficiency of international payments by reducing costs and improving transaction times, all while maintaining robust compliance standards.
"Mandala is pioneering the compliance-by-design approach to improve cross-border payments without compromising privacy or the integrity of regulatory checks," said Maha El Dimachki, Head of the BIS Innovation Hub Singapore Centre.
The proof-of-concept demonstrated that compliance can be embedded into the transaction process itself, automating checks and verifications in real-time and reducing the burden on financial institutions.
Key technical innovations
At its core, Project Mandala developed a decentralised compliance-by-design system, integrating financial institutions and central banks into a unified network. The system relies on three critical components:
- A peer-to-peer messaging system that ensures direct communication between parties.
- A rules engine to apply jurisdiction-specific regulations to transactions.
- A proof engine that generates verifiable compliance proofs upon completion of regulatory checks.
Once all compliance checks, such as sanctions screening and capital flow management (CFM) measures, are verified, the system generates compliance proof. This proof can travel with the payment instruction across borders, ensuring all necessary regulations are adhered to without the need to disclose underlying customer data, safeguarding privacy throughout the process.
Use cases
The system's feasibility was tested through two primary use cases:
- Cross-border lending between Singapore and Malaysia: Mandala automated the compliance process for CFM measures and sanctions screening, allowing central banks to monitor compliance in real-time.
- Cross-border financing between South Korea and Australia: Mandala streamlined the process for an unlisted securities transaction, integrating sanctions screening and CFM reporting requirements.
Integrating with digital and traditional systems
One of Project Mandala’s achievements is its integration capability. The system supports both emerging digital asset settlement technologies, such as wholesale central bank digital currencies (CBDCs), and traditional systems like Swift. This dual compatibility ensures that the system can operate within both current and future financial infrastructures, providing flexibility and scalability for institutions moving towards digital assets.
For digital transactions, Mandala demonstrated programmable compliance embedded within smart contracts, further enhancing the system’s adaptability to modern financial technologies.
Future potential
As central banks and regulators increasingly explore ways to enhance the efficiency of cross-border payments, Project Mandala provides a glimpse into how compliance automation could reshape global finance.
Click here to read the full RegInsight on CUBE's RegPlatform.