Eva Dauberton
News Editor
ESAs' Gerry Cross discusses regulators' approach to DORA implementation
At a recent conference hosted by the Institute of International Finance and Amazon Web Services, Gerry Cross, Director of Financial Regulation, Policy, and Risk at the Central Bank of Ireland and Chair of the Joint European Supervisory Authorities (ESAs) sub-committee on Digital Operational Resilience, discussed the regulators’ approach to issuing Level 2 standards for the Digital Operational Resilience Act (DORA). He outlined the guiding principles of the regulatory process and provided detailed examples to illustrate their application, offering valuable insights for firms.
Regulatory implementation update
Cross provided an update on the ESAs’ DORA regulatory implementation work, including the already adopted technical standards, those still under consideration by the Commission, and the soon-to-be-published final standards. Regarding the tight 17 January 2025 deadline, he said, “This legislative timetable reflects the underlying urgency of the issue that we are addressing.”
- The Implementing Technical Standards (ITS) for establishing the templates for the register of information, which are part of phase one, were submitted to the European Commission in January but are still awaiting approval. To the extent that enhancements might be considered, Cross encouraged firms to adopt a pragmatic approach.
- The technical standards for Phase 2 are being finalised and are on track for submission to the Commission on time by 17 July 2024. These standards will include the requirements for subcontracting information and communication technology (ICT) services that support critical or important functions within a financial entity, the requirements for conducting a threat-led penetration test, and the content, timelines, and templates for reporting major ICT-related incidents. In response to feedback, certain amendments have been made to make the standards clearer, simpler, and more straightforward, with a reduction in data fields to lessen the reporting burden. Additionally, the quantity of information requested in the register of information on third-party arrangements is proposed to be further reduced and rationalised.
Clarifications on monitoring of subcontracting activities
Cross acknowledged stakeholders’ concerns in that area, stating: “We regulators fully recognise this concern. And we agree with it.”
He emphasised that firms outsourcing activities remain responsible for those activities and need to have ongoing knowledge about the functioning of the chain or “tree” of subcontracting arrangements, and that there should be appropriate monitoring of the overall functioning of that “tree”.
He clarified that it does not mean that each link in the chain needs to be monitored. For example, he added, one way of fulfilling the responsibility may be to ensure that primary or material subcontractors themselves have in place a robust and appropriate approach to subcontracting and due diligence. It is when those subcontractors are material to the critical or important functions of the firm that more detailed monitoring is required.
Regulatory approach
Building on a previous speech, Cross outlined five key principles adopted by the ESAs for their regulatory approach: momentum, pragmatism, quality, proportionality, and engagement. He also briefly mentioned the new oversight regime for critical third-party service providers (CTPPs).
- Momentum: Cross emphasised the urgency of the issue, which explains the tight deadline of 17 January 2025. He believes strong momentum has been maintained to deliver the new regulatory framework on time.
- Pragmatism: He noted that the ESAs are focused on outcomes and acknowledged that the regulation of digital operational resilience is an ongoing process, spanning multiple years. He offered reassurance that the ESAs have put structures in place to support supervisory convergence and consistent implementation.
- Quality: Cross highlighted that the work to date has achieved a “high-quality, well-judged, appropriately demanding, but balanced and proportionate new regulatory framework.”
- Proportionality: He mentioned that ensuring proportionality has been a key focus in developing the DORA framework.
- Engagement: Cross emphasised the importance of stakeholder engagement in developing the regulation, and detailed the adjustments made in response to feedback.
- Oversight of CTPPs: He shared that the ESAs and national competent authorities have established a High-Level Group on Oversight to oversee the operational aspects of the new framework, including the designation of CTPPs. Work is underway to develop the Joint Examination Teams (JETs) to carry out the oversight of individual CTPPs in a collaborative approach. He offered reassurance that good progress is being made in establishing collaborative teams with relevant competent authorities.
He concluded by thanking stakeholders for their engagement and contribution to the development and implementation of the framework, noting that “it is about to become such an important feature of a well-functioning financial system supporting a successful economy and the financial wellbeing of citizens into the future.”
Click here to read the full RegInsight on CUBE’s RegPlatform
US Department of the Treasury issues update on EU–US Financial Regulatory Forum
The US Department of the Treasury has issued an update on the EU–US Joint Financial Regulatory Forum that took place on 25-26 June 2024. Participants from both sides exchanged their views on various topics of mutual interest as part of their regular financial regulatory dialogue.
EU participants included representatives of the European Commission, the European Banking Authority (EBA), the European Securities and Markets Authority (ESMA), the European Insurance and Occupational Pensions Authority (EIOPA), the European Central Bank (ECB), and the Single Resolution Board (SRB).
US participants included representatives from the US Department of the Treasury and staff from independent regulatory agencies, including the Federal Reserve Board (FRB), Commodity Futures Trading Commission (CFTC), Federal Deposit Insurance Corporation (FDIC), Office of the Comptroller of the Currency (OCC), Securities and Exchange Commission (SEC), and Consumer Financial Protection Bureau (CFPB).
The Forum highlighted the close cooperation between the EU and the US in various areas, and the participants had in-depth discussions about ongoing work and initiatives related to the following themes:
- Market developments and financial stability, including Basel-based standards
- Regulatory developments in banking and insurance
- Anti-money laundering and countering the financing of terrorism (AML/CFT)
- Sustainable finance
- Regulatory and supervisory cooperation in capital markets
- Operational resilience and digital finance
In preparation for the next Forum meeting, the participants agreed to maintain engagement on these topics and other mutual interests.
CFPB's 34th edition of supervisory highlights released
The Consumer Financial Protection Bureau (CFPB) has published the 34th edition of its supervisory highlights. This edition focuses on the servicing and collection of consumer debt, including auto loan servicing, student loan servicing, debt collection, credit card account management (specifically medical payment products), and deposit and prepaid accounts. The report also includes updates on the supervision programme, such as circulars and rules issued since the last edition, as well as enforcement actions taken during this period.
Key takeaways
Supervisory findings on deposit and prepaid accounts:
Examiners have looked at practices that prevent consumers from accessing their funds or important account information. They have also assessed whether entities have complied with the Consumer Financial Protection Act of 2010 (CFPA)’s prohibition against engaging in unfair, deceptive, or abusive acts or practices (UDAAPs). Findings include:
- In certain instances, examiners found that entities engaged in unfair acts or practices with respect to account freezes.
- Examiners observed problems related to the failure to provide periodic statements for allotment accounts.
- In reviewing bank practices in providing consumers access to account information, examiners have observed that many entities have eliminated fees for responding to those requests. Some entities have taken steps to update policies and procedures and provide their employees with tailored instructions and training.
Supervisory developments:
- Registry to detect corporate repeat offenders: On 3 June 2024, the CFPB finalised a rule to establish a registry to detect and deter corporate offenders that have broken consumer laws and are subject to federal, state, or local government or court orders. The registry will also help the CFPB to identify repeat offenders and recidivism trends.
- Interpretive rule regarding Buy Now, Pay Later: On 22 May 2024, the CFPB issued an interpretive rule that confirms that Buy Now, Pay Later lenders are credit card issuers. Accordingly, Buy Now, Pay Later lenders must provide consumers with some key legal protections and rights that apply to conventional credit cards.
- Rule on procedures for supervisory designation proceedings: On 23 April 2024, the CFPB updated its procedures for designating nonbank covered persons for supervision to conform to a recent organisational change.
- Circular 2024-02 on remittance transfers: On 27 March 2024, the CFPB issued a circular on deceptive marketing practices regarding the speed or cost of sending a remittance transfer, noting that remittance transfer providers may be liable under the CFPA regardless of whether they follow the disclosure requirements of the Remittance Rule.
ASIC's efforts to combat insider trading highlighted in recent publication
The Australian Securities and Investments Commission (ASIC) has published an article discussing its efforts to supervise the integrity of Australia’s equity markets. The article specifically focuses on ASIC’s actions against insider trading and provides recommendations for firms, both listed entities and those operating in private markets, on how to prevent such behaviours.
Key recommendations include assessing whether controls effectively manage the risk of insider trading and implementing formal leak policies.
Key supervisory actions
- ASIC is nearing completion of its work to measure equity market cleanliness (suspicious trading ahead of company announcements). It will provide an update in the coming weeks.
- To combat insider trading, ASIC has implemented an award-winning system that automatically detects and investigates suspected market misconduct. They are also actively targeting leaks and will take strong action to address this poor practice.
- ASIC is monitoring developments in innovative data science tools like artificial intelligence and machine learning to explore their potential applications in market surveillance.
- ASIC is also expanding its focus to adapt to changes in the capital market structure. This includes examining other products and markets, such as debt markets, in its market cleanliness work. It is also considering how firms manage inside information.
- Six insider trading criminal prosecutions are underway, and ASIC is actively investigating multiple other cases or referring them to the Commonwealth Director of Public Prosecutions for assessment. Notable recent successes in court include the convictions of former Tesla director Kurt Schlosser and corporate adviser Cameron Waugh for insider trading.
APRA and ASIC urge superannuation trustees to improve retirement strategies
The Australian Prudential Regulation Authority (APRA) and the Australian Securities and Investments Commission (ASIC) have issued a notice urging superannuation trustees to step up their efforts in monitoring and evaluating the effectiveness of their strategies to improve retirement outcomes for members.
Some context
The Retirement Income Covenant (Covenant) became effective in July 2022, placing a requirement on trustees to assist members in or approaching retirement to enhance their outcomes. In July 2023, APRA and ASIC jointly released an information report outlining the results of a collective thematic review of the Covenant’s implementation. The review revealed significant variability in the approach taken by registrable superannuation entity (RSE) licensees, as well as a lack of urgency in embracing the Covenant's intent. As a result, the report also outlined the regulators’ expectations for firms.
In a follow-up survey, APRA and ASIC requested trustees to report on their actions in response to the recommendations and findings from the thematic review. The call to action is a result of the survey findings.
Key takeaways
Overall, survey responses indicated that:
- RSE licensees with a larger number of member accounts and assets in retirement or approaching retirement have generally made more progress compared to the rest of the industry.
- While approximately three-quarters of trustees indicated that measuring retirement outcomes was a priority, only incremental progress had been made, and only eight trustees acknowledged tracking the effectiveness of retirement-focused assistance to members as a priority.
- Only one in five planned improvements identified by trustees are expected to be completed by mid-2024.
The trustees' responses also highlighted several challenges in implementing the Covenant, including uncertainty around the financial advice framework, privacy, security, and concerns about the cost of collecting more member data, as well as a lack of member engagement and financial capability.
APRA Deputy Chair Margaret Cole stated, “The most concerning finding from this survey is the lack of progress being made by trustees in tracking the success of their strategies, especially as this was highlighted as one of the key areas in need of improvement in the thematic review report. Without effective success metrics, how can trustees know that their strategies are working? Members deserve better.”
Next steps
APRA and ASIC expect all RSE licensees to assess gaps and identify opportunities to accelerate progress in closing these gaps, including leveraging examples of progress outlined in this industry update.
APRA and ASIC will continue working together to monitor and drive industry progress in improving the retirement outcomes and customer experience of members of the Australian community.
EBA releases spring edition risk assessment report for EU banking sector
The European Banking Authority (EBA) has published the spring edition of its risk assessment report (RAR). This report provides an overview of the main developments and trends in the EU/EEA banking sector and presents the EBA's outlook on the associated main risks and vulnerabilities. The report is based on both qualitative and quantitative information collected by the EBA, including EU/EEA supervisory reporting, the EBA Risk Assessment Questionnaire (RAQ), market intelligence, as well as qualitative micro-prudential information. The report also includes an analysis of banks’ asset encumbrance and funding plan data, along with an in-depth analysis of EU/EEA banks’ Commercial Real Estate (CRE) exposures and their interconnections with non-bank financial intermediaries (NBFIs).
EBA releases Q4 2023 MREL dashboard
The European Banking Authority (EBA) has released its Q4 2023 quarterly dashboard on the minimum requirement for own funds and eligible liabilities (MREL). This dashboard provides aggregated statistical information for 333 EU/EEA banks that are designated for resolution. MREL ensures that EU institutions have enough capacity to absorb losses and support the preferred resolution strategy in the event of failure.
Key findings:
According to the EBA dashboard, most EU resolution banks comply with the requirement.
- As of 31 December 2023, 307 banks out of the 333 sampled banks were meeting their MREL target.
- Three banks reported a technical shortfall of EUR 226 million, which is equivalent to 0.6% of their combined risk-weighted assets (RWA) or 0.07% of the total RWA of the sample. However, these shortfalls are understood to have been resolved since then.
- 23 banks have been granted a transition period beyond 1 January 2024. The combined outstanding shortfall for these banks amounted to EUR 8.0 billion, which is equivalent to 1.6% of their combined RWAs or 0.1% of the total RWAs in the sample.
- The banks in the sample reported that EUR 207 billion of MREL instruments will become ineligible by the end of 2024 due to maturity reasons. These instruments represent approximately 18.1% of MREL-eligible instruments other than own funds.
- The number of banks earmarked for resolution has increased in the past year, with the EBA receiving 352 external MREL decisions as of 1 May 2024, compared to 309 decisions received as of 1 May 2023. This increase is primarily driven by small banks transitioning from liquidation to resolution.
- Transfer strategies remain the preferred option in terms of the number of decisions (55%), while bail-in is the favoured option in terms of RWAs covered (94%).