Greg Kilminster
Head of Product - Content
FCA seeks feedback on Q&As for UK trade repositories
The Financial Conduct Authority (FCA) is seeking feedback on a set of Q&As that provide guidance for UK Trade Repositories (TR) registered under Article 55 of UK EMIR before the new requirements take effect on 30 September 2024.
The deadline for feedback is 25 September 2024.
Some context
On 24 February 2023, the FCA, along with the Bank of England, released a joint Policy Statement (PS) 23/2 confirming changes to the derivative reporting framework under UK EMIR.
The guidance consulted on has been drafted in response to requests from UK TRs to help them apply the updated reporting requirements.
Click here to read the full RegInsight on CUBE’s RegPlatform
FCA report highlights the importance of supporting unbanked consumers
The Financial Conduct Authority (FCA) has issued a report regarding the access and closure of payment accounts in the UK. The FCA has also published qualitative research to shed light on the experiences of financially excluded consumers when using financial products and services.
Some context
The initial report, published in 2023, was prompted by concerns about account providers closing customers’ payment accounts based on their political beliefs or lawfully expressed views. However, the information received did not indicate any account terminations for these reasons. Instead, the most common reasons for declining, suspending, or terminating accounts were inactivity/dormancy and concerns related to financial crime.
With this report, the FCA intended to follow up and conduct further work to validate the provided data, understand the reasons for the varied decline rates of Basic Bank Accounts (BBAs), investigate the use of ‘reputational risk’ in account access decisions, and engage with consumer groups and charities to gain insight into their experiences and the experiences of the individuals they represent.
Key takeaways
As a result of the findings, the FCA:
- Acknowledges the efforts made by banks, building societies, and payment firms to help customers access accounts and encourages them to continue building on existing good practices.
- Urges account providers to increase awareness of basic bank accounts and review their approach to denying and closing accounts, particularly to ensure that vulnerable consumers are not negatively affected.
- Reminds providers to act in accordance with their obligations under the Consumer Duty when closing or denying accounts.
In addition to the report, the FCA has published independent qualitative research on the experiences of financially excluded consumers. The aim is to assist the industry and consumer groups in understanding how proper support can facilitate effective access to financial services.
Next steps
The next steps for firms involve reviewing their customer journeys for onboarding and offboarding, as well as associated policies and procedures, through the lens of the Consumer Duty, and providing evidence of their compliance with the Duty’s cross-cutting rules and delivery of positive outcomes.
For the FCA, the next steps include refining questions in the Financial Lives Survey to understand the underlying issues of unbanked consumers and reviewing observations gathered from engagement with charities and consumer groups. The FCA also reserves the right to take further action if the changes implemented are found to be ineffective or inadequate in addressing account access difficulties for unbanked consumers.
Click here to read the full RegInsight on CUBE’s RegPlatform
CP24/11: PSR proposes changes to the reimbursement cap for Faster Payments APP scams
The Payment Systems Regulator (PSR) has released consultation paper (CP) 24/11, proposing a change to the maximum reimbursement level for Faster Payments authorised push payment (APP) scams.
The PSR proposes to align this cap with the Financial Services Compensation Scheme (FSCS) limit of £85,000 rather than the Financial Ombudsman (FOS) limit of £415,000.
It is important to note that this consultation does not include any other alterations to the policy or the implementation date, which remains 7 October 2024.
Some context
In December 2023, the PSR issued policy statement (PS) 23/4, along with legal instruments (Specific Directions 19, 20, and 11), which required Faster Payments participants to reimburse victims of APP scams. According to the new requirements, payment service providers (PSPs) must reimburse their customers in Faster Payments APP scams that meet the specified criteria, with a shared reimbursement cap between the sending and receiving PSP(s).
Next steps
The deadline for feedback is 18 September.
Click here to read the full RegInsight on CUBE’s RegPlatform
CFTC Commissioners challenge new enforcement action in DeFi space
The Commodity Futures Trading Commission (CFTC) has fined Universal Navigation Inc. d/b/a Uniswap Labs $175,000 for illegally offering leveraged or margined retail commodity transactions in digital assets via a decentralised digital asset trading protocol.
Ian McGinley, CFTC Director of enforcement, commented on the announcement, reiterating the CFTC’s commitment to enforcing the CEA as digital asset platforms and decentralised finance (DeFi) ecosystems evolve.
However, in a statement, Commissioner Caroline D Pham criticised the enforcement action as “legally simplistic” and voiced her concerns about the potential regulatory uncertainty, particularly in digital assets and cash commodity markets, and its impact on small businesses and American innovation. She noted that this DeFi case “may very well be a regulatory allergic reaction to new technology.”
Commissioner Summer K Mersinger echoed these concerns, emphasising that the CFTC’s need to engage in a rulemaking process around DeFi and consider its role in encouraging responsible innovation for the future of the US derivatives markets.
Some context
Uniswap Labs developed and deployed a blockchain-based digital asset protocol that allowed users to trade digital assets through the Ethereum blockchain. The protocol facilitated the creation and trading of liquidity pools comprised of matched pairs of digital assets valued against each other. Uniswap Labs also provided a web interface for users to access the protocol, enabling trading in hundreds of liquidity pools, including a limited number of leveraged tokens offering leveraged exposure to digital assets such as Ether and Bitcoin. However, the order found that these leveraged tokens did not result in actual delivery within 28 days and were offered to non-eligible contract participants without proper authorisation from the CFTC.
Click here to read the full RegInsight on CUBE’s RegPlatform
SEC fines credit rating agencies $49 Million over off-channel communications
The US Securities and Exchange Commission (SEC) has announced another enforcement sweep involving off-channel communications, with penalties totalling more than $49 million. This time, six well-known credit rating agencies are affected:
- Moody’s Investors Service, Inc. agreed to pay a $20 million civil penalty.
- S&P Global Ratings agreed to pay a $20 million civil penalty.
- Fitch Ratings, Inc. agreed to pay an $8 million civil penalty.
- HR Ratings de México, S.A. de CV agreed to pay a $250,000 civil penalty.
- AM Best Rating Services, Inc. agreed to pay a $1 million civil penalty.
- Demotech, Inc. agreed to pay a $100,000 civil penalty.
Each credit rating agency is also required to retain a compliance consultant, except for AM Best and Demotech, which made significant efforts to comply with the recordkeeping requirements early as registered credit rating agencies and cooperated with the SEC’s investigations.
Sanjay Wadhwa, Deputy Director of the SEC’s Division of Enforcement, stated, “We have seen repeatedly that failures to maintain and preserve required records can hinder the staff’s ability to ensure that firms are complying with their obligations and the Commission’s ability to hold accountable those that fall short of those obligations, often at the expense of investors. In today’s actions, the Commission once again makes clear that there are tangible benefits to firms that make significant efforts to comply and otherwise cooperate with the staff’s investigations.”
Click here to read the full RegInsight on CUBE’s RegPlatform
Building operational resilience: A cornerstone for global financial stability
In a speech to the joint European Banking Authority and European Central Bank international conference, Frank Elderson, Member of the Executive Board of the ECB and Vice-Chair of the Supervisory Board of the European Central Bank (ECB), spoke about the critical issue of operational resilience, and stressed the necessity for banks to fortify themselves against a rapidly evolving risk landscape increasingly shaped by cyber threats, technological disruptions, and the growing complexities of global financial systems.
A new paradigm in risk management
Elderson began by drawing a parallel between nature and finance, likening banks to resilient trees capable of withstanding storms. Just as certain trees survive extreme weather due to their inherent characteristics, banks too must develop robust operational resilience to navigate today’s multifaceted risks.
In a poignant illustration, he highlighted the 2022 bankruptcy of Amsterdam Trade Bank (ATB). Despite ample capital and liquidity, ATB collapsed after sanctions severed its access to IT systems managed by third-party providers. This incident starkly demonstrated that financial resilience, though crucial, is insufficient if a bank’s operational backbone is vulnerable.
Beyond financial buffers
Elderson’s central thesis was that operational resilience must complement financial resilience. He argued that banks can no longer rely solely on capital and liquidity buffers to weather crises. The operational challenges banks face today—such as cyber incidents, IT failures, and disruptions from natural disasters—demand an equally robust focus on maintaining critical operations during disruptions.
He pointed to recent incidents where financial institutions suffered significant disruptions due to cyberattacks and IT failures. These examples highlight a key lesson: financial strength is meaningless if operational infrastructure crumbles under pressure.
Regulatory frameworks and global collaboration
Acknowledging the progress made, Elderson praised the global supervisory community for elevating operational resilience on their agendas. The Basel Core Principles now explicitly address operational resilience, encompassing governance, business continuity, and third-party risk management. This global standardisation is vital as the financial sector grapples with heightened geopolitical, cyber, and environmental risks.
The European Union's Digital Operational Resilience Act (DORA), set to take effect in January 2025, is another significant step forward. It mandates a culture of continuous IT and cyber risk management within banks, thereby reinforcing the broader regulatory framework designed to safeguard financial stability.
The cyber threat landscape
Elderson highlighted the increasing frequency and sophistication of cyberattacks, a trend corroborated by the IMF and reflected in the ECB’s own data. The number of significant cyber incidents reported to the ECB nearly doubled from 2022 to 2023, signalling a growing threat to financial stability.
In response, the ECB conducted a cyber resilience stress test earlier this year. Unlike traditional stress tests that focus on capital impact, this exercise aimed to assess banks' ability to maintain critical functions during a cyber crisis. The results revealed that while banks have response frameworks in place, there remains considerable room for improvement, particularly in handling worst-case scenarios.
The risks of cloud outsourcing
Elderson also addressed the increasing reliance on cloud services by banks, a trend that, while beneficial, introduces new risks. A misconfiguration at a major cloud provider in May 2024, which temporarily erased €82 billion from pension fund accounts, served as a stark reminder of these dangers.
Concentration risk is another concern. With more than 70% of banks and 80% of insurers dependent on just two cloud providers, the potential impact of a failure at one of these providers could be catastrophic. This concentration poses a significant threat not only to individual banks but to the stability of the entire financial system.
To mitigate these risks, the ECB has begun conducting on-site inspections of cloud service providers and issued guidelines on cloud outsourcing. Elderson emphasised that banks must ensure their third-party providers adhere to the same rigorous risk controls that would apply if these services were handled internally.
Investing in resilience
In his conclusion, Elderson called on banks to prioritise investment in operational resilience. He warned against complacency, noting that operational resilience cannot be bolstered by simply accumulating additional capital. Instead, it requires sustained investment in modern IT infrastructure, comprehensive business continuity plans, and, critically, human capital.
Elderson stressed the need for bank boards to possess a deep understanding of IT and cyber risks. Without this expertise, the collective suitability of these boards could be called into question, potentially compromising the bank’s ability to navigate operational shocks.
In a world where financial and operational risks are increasingly intertwined, Elderson’s call to action serves as a timely reminder that operational resilience is not just a regulatory requirement but a cornerstone of global financial stability.
Click here to read the full RegInsight on CUBE’s RegPlatform
The evolution of bank supervision: key insights from Michael Hsu's address
In a speech at the Joint European Banking Authority and European Central Bank International Conference, Michael Hsu, the Acting Comptroller of the Currency, delivered a detailed examination of how bank supervision has evolved over the past decades. As banks have grown larger and more complex, the role of supervision has become increasingly vital, yet often misunderstood or overlooked. Hsu's remarks offer valuable insights into the nature of supervision, its evolution in response to a changing banking landscape, and the challenges that lie ahead.
The nature of supervision
Hsu began by distinguishing between regulation and supervision. While regulation involves setting and enforcing rules, supervision is more nuanced and involves promoting safe and sound banking practices. He compared regulation to speed limits, whereas supervision is akin to safe driving—more about behaviour and judgement than strict rule-following. Supervisors, Hsu noted, play multiple roles, ranging from referees to quasi-auditors, adapting their approach based on the situation at hand.
At its core, supervision is a "ground game," characterised by regular, often behind-the-scenes interactions between supervisors and banks. These ongoing engagements allow supervisors to develop a deep understanding of a bank’s strengths, weaknesses, and overall risk profile. In another analogy, Hsu compared this continuous oversight to the cumulative benefits of regular exercise—each individual interaction may seem insignificant, but over time, they build a foundation of safety and soundness within the banking system.
Supervision, Hsu argued, is also a craft, requiring a unique blend of skills including curiosity, critical thinking, and emotional intelligence. Effective supervision is not just about following procedures but involves a deep engagement with the complexities of each bank's operations. This craft is honed through years of experience, as exemplified by the rigorous training required for OCC examiners, many of whom have decades of experience.
An evolving banking system
The banking landscape has changed dramatically over the past 30 years, necessitating a corresponding evolution in supervision. Hsu said that while the number of banks in the US has decreased, their total assets have grown significantly, leading to a concentration of financial power in fewer, larger institutions. Today, 32 US banks hold more than $17 trillion in combined assets, a stark increase from just five banks holding $800 billion three decades ago.
This concentration of assets is accompanied by a rise in non-financial risks. Cybersecurity, operational resilience, and compliance have become critical areas of focus as banks have digitised and become more interconnected with non-bank entities. Hsu highlighted the growing complexity of these risks, particularly in the context of partnerships between banks and fintech firms, which resemble global supply chains in their intricacy and interdependencies.
Adapting supervision to meet new challenges
To remain effective in this evolving environment, Hsu advocated for several key changes in how supervision is conducted.
- First, he emphasised the need for a more agile "team-of-teams" approach. The traditional model of relying on a single, bank-specific supervisory team is no longer sufficient for overseeing large, complex institutions. Instead, Hsu suggests a structure where multiple specialised teams collaborate to provide a more comprehensive and consistent supervisory assessment.
- Second, Hsu argued that supervisors must become as adept at managing non-financial risks as they are at handling financial ones. The increasing importance of cybersecurity, compliance, and operational resilience requires supervisors to be not only technically proficient but also flexible and responsive to rapid changes in the risk landscape.
- Finally, Hsu highlighted the need for stronger supervision of non-GSIB (Global Systemically Important Banks) large banks. As these institutions grow in size and complexity, the risks they pose to the financial system also increase. Hsu suggested that it may be time for US banking agencies to consider a formal framework for identifying and supervising domestic systemically important banks (DSIBs), which could help clarify the stakes involved and ensure appropriate oversight.
The imperatives for future supervision
Looking ahead, Hsu identifies two imperatives that are essential for maintaining effective supervision in the future.
- First, he stressed the importance of operationalising and sustaining risk-based supervision. This approach, which prioritises the most significant risks rather than adhering to a rigid checklist, requires a shift in mindset and a commitment to continuous reprioritisation. It also demands that accountability for supervisory outcomes is shared across the agency, rather than being placed solely on individual teams.
- Second, Hsu called for supervisors to prioritise agility and credibility. In a rapidly changing environment, the ability to learn and adapt quickly is more important than consistency or deep subject matter expertise. The OCC, he noted, has already begun to address this through organisational changes aimed at increasing agility, such as the establishment of an Office of Financial Technology and initiatives focused on emerging technologies like generative AI.
As Hsu aptly concluded, supervisors are the guardians of trust in banking—a role that will only grow in importance in the years to come.
Click here to read the full RegInsight on CUBE’s RegPlatform
OCC releases August CRA performance evaluation results
The Office of the Comptroller of the Currency (OCC) has published its Community Reinvestment Act (CRA) performance evaluation covering the period from 1 August 2024 to 31 August 2024.
The assessment is part of the federal banking agencies' obligations under the CRA to review an institution’s credit provision to its entire community, including low-to moderate-income (LMI) neighbourhoods while ensuring the institution’s overall safety and soundness.
Of the 17 evaluations made public this month, 10 are rated satisfactory and seven are rated outstanding.
Click here to read the full RegInsight on CUBE’s RegPlatform
FMA’s shift to proactive supervision under CoFI
In a speech delivered at the New Zealand Insurance Law Association Conference, Jane Brown, Head of Insurance at the of New Zealand’s Financial Markets Authority (FMA) offered a clear overview of how the regulator plans to navigate the introduction of the Conduct of Financial Institutions (CoFI) regime.
Learning from enforcement cases
Brown’s remarks also considered how both the FMA and the insurance sector can draw lessons from enforcement actions over the last few years. Notably, the FMA and the Reserve Bank of New Zealand’s joint reviews of insurers uncovered poor practices, some of which led to civil proceedings under the Fair Dealing provisions of the Financial Markets Conduct Act (FMC Act).
The most striking cases involved insurers failing to apply multi-policy discounts that customers were entitled to, resulting in millions of dollars in overcharged premiums. Brown highlighted the length of time these issues persisted, with some breaches stretching back decades. The lapses were attributed to inadequate oversight and outdated IT systems, which eroded the trust between insurers and their customers.
Brown stressed the FMA’s stance: insurers have an obligation to treat customers fairly, and trust must be at the core of that relationship. She urged firms to review their business operations broadly, noting that issues uncovered in one area of the business often point to broader systemic problems.
A call for robust self-reporting
A key theme in Brown’s speech was the importance of self-reporting. The FMA expects that financial institutions will report breaches or potential breaches promptly, demonstrating that they take their legal and licensing obligations seriously. Self-reporting, however, does not shield firms from enforcement action. Brown was unequivocal: “A confession does not absolve responsibility.” The nature and severity of the misconduct will remain the primary factor guiding the FMA’s response, regardless of how an issue is reported.
Brown outlined best practices for self-reporting, urging firms to act swiftly once an issue is identified. Delaying engagement with the regulator, in the hope of first resolving all the details internally, can exacerbate the situation. Firms should inform their boards, the FMA, and affected customers as soon as they become aware of the problem, she advised.
A proactive regulatory approach under CoFI
The introduction of CoFI represents a watershed moment for the FMA, giving the regulator new tools and powers to monitor, supervise, and guide financial institutions’ conduct. Whereas the FMA’s current regulatory framework under the FMC Act focuses on reactive measures, CoFI enables a more proactive approach, requiring firms to embed good conduct as a fundamental part of their operations.
At the heart of CoFI is the fair conduct principle, which mandates that financial institutions treat customers fairly in the provision of financial services. Brown emphasised that CoFI will place a stronger focus on customer outcomes. “An outcomes focus requires thinking about and implementing good effective practice and the results this will achieve, not just complying with prescriptive rules set by law,” she said.
The FMA’s shift to proactive supervision will see the use of a broader array of regulatory tools, including thematic reviews, monitoring activities, and ongoing dialogue with institutions. These tools will enable the regulator to better assess how firms are managing conduct risks and delivering fair outcomes for customers. Brown also underlined that firms will have the flexibility to determine how best to achieve compliance, so long as they demonstrate a commitment to treating customers fairly.
The countdown to CoFI implementation
With just six months until CoFI comes into force, Brown urged insurers and other financial institutions to ensure they are ready for the new regime. The FMA has already begun processing licence applications, but Brown noted that far fewer applications have been received than anticipated. She warned firms not to leave their applications until the last minute, emphasising the 60-day processing time required for a CoFI licence.
For those firms considering exemptions from the fair conduct programme or CoFI regime altogether, Brown recommended having a contingency plan in place. Without a licence by 31 March 2025, firms will be unable to provide financial services to retail customers. The FMA is actively engaging with smaller institutions, including non-bank deposit takers and credit unions, to help ensure a smooth transition into the new regulatory framework.
The future of the FMA’s supervision
Brown concluded by reaffirming the FMA’s commitment to an open, collaborative approach with the industry. The regulator aims to reduce unnecessary regulatory burdens where possible, while also ensuring firms understand their responsibilities under the new regime. As the FMA prepares to implement CoFI, Brown highlighted that this journey is not a one-off project but an ongoing process of improvement in how financial institutions serve their customers.
The FMA’s new direction signals a significant shift in how financial institutions will be regulated in New Zealand. While CoFI introduces a range of supervisory tools designed to prevent misconduct and promote fair customer outcomes, Brown’s message was clear: firms must embrace this shift towards proactive conduct management, or risk facing enforcement action. The FMA stands ready to work with the industry to achieve these goals, but accountability will remain a cornerstone of the regulator’s approach.
Click here to read the full RegInsight on CUBE’s RegPlatform