CUBE RegNews: 8th December

Posted: 2023-12-08

UK regulators propose new rules for critical third-party service providers

The Bank of England (BoE), the Prudential Regulation Authority (PRA), and the Financial Conduct Authority (FCA) (the regulators) have released a consultation paper (CP) 26/23 (FCA CP23/30) which includes proposed requirements for critical third parties (CTPs). This framework aims to minimise potential risks to the stability of the UK financial system, market integrity, and consumer protection that could result from a disruption in services provided by third parties deemed to be CTPs.  

Although the regulators currently do not have supervisory power over third parties, such as cloud infrastructure providers and other technology firms outside the financial sector, the proposed framework will help manage the risks associated with these third-party service providers. 

Scope 

The CP only applies CTPs’ services to firms and financial market infrastructure entities (FMIs). The regulators have also emphasised that this framework will not blur, eliminate, or reduce the accountability and responsibility of firms in fulfilling their existing regulatory obligations on operational resilience and third-party risk management. 

Proposals 

The proposals, based on the feedback to Discussion Paper (DP) 3/22 – Operational resilience: Critical third parties to the UK financial sector, issued in July 2022, are as follows: 

• CTP identification: HM Treasury has the power to designate parties as “critical” in consultation with the UK financial regulators and other bodies. The CP outlines a set of criteria for identifying potential CTPs, including the materiality of the service, the number and type of firms and FMIs to which the entity provides services, and the sources of data and information used for identification. The regulators also expect firm/FMI data to become the primary data source for identifying potential CTPs over time. 
• CTP Fundamental rules:  The CP proposes a set of six Fundamental Rules that CTPs must comply with for all the services they provide to firms and FMIs. These rules are similar to but less extensive than the PRA Fundamental Rules and FCA Principles for Businesses.  
• CTP Operational Risk and Resilience Requirements: The CP also includes proposals requiring CTPs to comply with clear and consistent obligations concerning their material services, including obligations regarding governance, risk management, dependency and supply chain risk management, technology and cyber resilience, change management, mapping, incident management, and termination of services. 
• Information-gathering and testing, self-assessment and information sharing and notification: The proposals require CTPs to demonstrate their ability to comply with regulatory obligations annually and, upon request, carry out regular scenario testing and skilled person reviews. The CP also proposes requiring CTPs to notify regulators and their firm and FMI customers who receive an affected service of certain incidents. 

Next steps 

The proposals will result in requirements for CTPs in the BoE rulebook, PRA rulebook, and FCA handbook, a joint BoE/PRA/FCA supervisory statement, and a joint BoE/PRA supervisory statement and FCA guidance on the regulators’ policy and expectations on the use of skilled person reviews of CTPs as an oversight tool. 

The BoE and the PRA intend to consult on a joint statement of policy about the use of their disciplinary powers over CTPs in due course, which will be aligned with their ongoing wider review of enforcement. The consultation will close on 15 March 2024. 

Click here to read the full RegInsight on CUBE’s RegPlatform

FCA proposes new regulations to ensure access to cash for consumers and businesses

The Financial Conduct Authority (FCA) has released a consultation paper (CP)23/29 proposing new rules that require banks and building societies to evaluate and address gaps or potential gaps in cash access provisions. The proposed regulatory regime aims to address the significant changes in how consumers pay, and businesses accept payments, resulting from the increasing popularity of digital services and payment options. Despite the convenience of these payment methods, the ability to withdraw cash remains essential, particularly for consumers with vulnerable characteristics and small businesses. To manage the pace and impact of change, the FCA highlights that it is crucial that designated firms assume responsibility for filling gaps in provision where deficiencies in cash access significantly impact consumers and SMEs. 

Proposals 

The FCA proposes that designated firms should: 

• Assess whether the provision of cash access services is or would be deficient and whether any deficiency results in significant impacts when there is a closure or material change to cash access services provision in a local area.  
• Conduct assessments following receipt of a cash access request and deliver additional cash solutions to fill gaps in cash service provision where assessments show that there are or are likely to be significant impacts from deficiencies in cash access, and it is reasonable to provide them. 
• Ensure they do not close cash facilities, including bank branches until any additional cash access services identified in the assessment process are available.  
• Ensure that any additional cash access services identified in an assessment are provided within three months of the outcome/any review being published or by the closure date if later. 
• Provide consumers and SMEs with clear information about where they can access cash services and how to raise concerns about a deficiency in cash access in their local area. 
• Report branch data and branch closure data to the FCA, which supervisors will use to analyse the potential impacts of closures and take mitigating action if necessary. 

The FCA strongly encourages designated firms to work through a single independent coordination body designated by the Government to meet their requirements around assessments. Therefore, the proposed rules will apply to both designated firms and, where appropriate, any designated independent coordination body acting on their behalf. 

Scope 

This consultation applies to: 

• Firms that provide current accounts to personal or business customers and anticipate being designated by the Treasury. 
• Businesses that anticipate being designated by the Treasury as a coordination body.  
• Businesses involved in the supply of cash access services and operation of cash access facilities, including the Post Office and operators of payment systems through which cashback is provided, as they may be subject to new requests for information. 

Next steps 

The FCA expects to finalise the rules in Q3 2024, alongside the publication of their Policy Statement. The FCA is also consulting on a transitional period, which would give designated entities additional time to carry out cash access assessments for the first three months after the rules come into force.  The consultation will close on 8 February 2024. 

Click here to read the full RegInsight on CUBE’s RegPlatform

HKMA revises banking code of practice

The Hong Kong Monetary Authority (HKMA) has announced the launch of the revised Code of Banking Practice (the Code) by the Hong Kong Association of Banks (HKAB) and the DTC Association (DTCA). The Code is used by authorised institutions (AIs) in dealing with and providing services to their customers. It covers specifically banking services such as current accounts, savings and other deposit accounts, loans and overdrafts, card services, electronic banking services and foreign currency exchange and payment services. 

The latest revisions include the following: 

Consumer protection in digital banking: 

• Ensuring banks effectively provide customers with pertinent information during the application for banking services and transactions on internet banking platforms. 
• Require banks to offer security advice on new technologies in banking services to enhance customer understanding of risks and protective measures in digital banking. 
• Mandating banks to retain records of marketing materials in digital channels to facilitate handling customer inquiries or disputes. 

Empowering customers in financial management: 

• Banks should provide enriched information in Key Facts Statements related to loan products, providing customers with insights into risks and potential repayment obligations. 
• Banks should allow customers to use loan calculators on internet banking platforms to assess borrowing costs and repayment ability before making decisions. 
• Requiring banks to seek customer agreement before increasing credit card limits. 
• Notifying customers at least 60 days in advance of significant changes to loan product terms, providing them with sufficient time for preparatory actions. 
• Offering timely advice to customers facing potential financial difficulties. 

Fair treatment of customers: 

• Banks should provide increased transparency in the processes of opening, maintaining, and closing bank accounts. 
• Banks should provide channels for customers to request reviews of relevant decisions to ensure reasonable access to basic banking services. 
• Extending comprehensive protection and support to customers involved in disputes on products and services. 
• Ensuring proper protection for customers during banks’ loan recovery processes. 

Adoption of G20/OECD High-Level Principles: 

• The Code introduces updates from the G20/OECD High-Level Principles on Financial Consumer Protection into the general principles for banks. 

Revisions to the Code take immediate effect. 

Click here to read the full RegInsight on CUBE’s RegPlatform

Australia consults on the end of cheques

The Australian Treasury has published Winding down Australia’s cheques system, a consultation paper which outlines the government’splans to wind down the cheques system by no later than 2030, with government use of cheques to be phased out by the end of 2028. This timetable was outlined in the Strategic Plan for Australia’s Payments System, published in June 2023. 

The consultation outlines a phased transition plan, commencing in 2025 with the cessation of issuaance of bank cheques through to the end of 2030 when cheques will refuse to be accepted. 

Comments to the proposal are requested by 2 February 2024. 

Click here to read the full RegInsight on CUBE’s RegPlatform

Edinburgh reforms: one year on more style than substance?

The UK government has published a report assessing progress on the Edinburgh reforms (reforms), announced in December 2022. 

The reforms were widely expected to bring about the biggest change in UK financial services regulation since the Financial Services and Markets Act in 2000, however this latest report from the House of Commons Treasury Committee concludes that “many of the strands of work included in the Edinburgh Reforms are not reforms, but are more preparatory work for potential reforms in the future and should be treated as such. However, even among the reforms that we agree are genuine changes in regulatory rules, the categorisation of some as reforms to be championed by the Chancellor as significant and worthy of attention is unconvincing”. 

The report does include a useful breakdown of where each of the reforms in terms of “is it a genuine reform?” and “has it been delivered?”. 

Click here to read the full RegInsight on CUBE’s RegPlatform

ASIC fines ANZ for continuous disclosure failings

Just a few months following its Aus$15 million fine, Australia and New Zealand Banking Group Limited (ANZ) has been fined an additional Aus$ 900,000 for breaching its continuous disclosure obligation during a $2.5 billion institutional share placement in 2015. 

The press release from the Australian Securities & Investments Commission notes that ANZ breached “section 674(2) of the Corporations Act by failing to notify the Australian Securities Exchange (ASX) that ANZ shares, with a value of between approximately $754 million and $790 million of the $2.5 billion of ANZ shares offered in an Institutional Placement, were to be acquired by its underwriters”. 

Click here to read the full RegInsight on CUBE’s RegPlatform