By tackling this list of potential issues, compliance teams can create their new year’s resolutions and put their organisation’s programmes on sound footing should the Financial Conduct Authority come knocking in 2022.
1. Investment Firms Prudential Regime: The FCA’s new IFPR is coming. The new regime, which came into force on January 1 2022, significantly impacts FCA-authorised investment managers, advisers and brokers who provide Mifid services. The IFPR includes new minimum requirements for capital and liquidity, governance, including the new internal capital adequacy and risk assessment, and remuneration.
Businesses also need to familiarise themselves with a revised, albeit somewhat simplified, reporting regime, most of which must be completed on a quarterly basis (first returns in April 2022). Making the changes to adhere to the new regime is not a simple undertaking – it is crucial that businesses understand that implementation and compliance cannot happen overnight
2. ESG
UK climate disclosures and TCFD: Created to develop consistent climate-related financial risk disclosures to be used by companies, banks and investors, the Task Force on Climate-Related Financial Disclosures is an existing global voluntary framework created in 2015 by the Financial Stability Board to increase the amount of information and transparency at the business and investment level, giving investors and others the ability to assess, and price, climate-related risk and opportunities.
Rather than creating a new regulatory framework, the FCA has selected to adopt and provide flexibility around an already existing and widely accepted international framework. The hope is that this will allow businesses to better integrate the new rules with any current existing ESG frameworks they may be reporting under.
The FCA began implementation of the TCFD recommendations on January 1 2022 for asset managers with assets under management greater than £50bn, with a publication deadline on the June 30 2023. The second phase will be effective from January 1 2023 for remaining asset managers with AUM greater than £5bn, with a publication deadline of June 30 2024.
EU sustainable finance action plan and SFDR: We await confirmation of the Level 2 regulation now set to come into force from July 1 2022. Level 1 requirements became effective from March 2021. The uncertainty around some obligations, alongside investor pressure on many businesses to become Article 8 or Article 9 products, have left managers struggling to stay ahead as SFDR and their ESG programmes develop over time. As we enter into the new year and await final confirmation of the Level 2 requirements, businesses will need to continue to stay fluid in this ever-changing regulatory environment.
3. SMCR – Conduct rules training for staff: The importance of good culture within businesses, including a determination to stamp out misconduct and to support diversity and inclusion, continues to be a prominent topic for the UK regulator. Arrange for staff to receive training in the senior managers and certification regime conduct rules, as well as market abuse, anti-money laundering, anti-bribery, and cybersecurity.
An ongoing focus on good governance, leadership obligations and the senior manager conduct rules means that training for partners and directors has never been more important. Schedule continuing education and training for yourself, your compliance colleagues, and your investment staff in 2022.
4. Post-Brexit
Doing business in Europe: On December 31 2020, UK businesses lost existing passporting rights to offer their products and services across other European Economic Area jurisdictions. Most businesses are now familiar with dealing with a patchwork of local restrictions and requirements, for example through the national private placement regime.
Updating your compliance framework: After 47 years inside Europe, the UK has re-created a stand-alone legislative framework – a process known as on-shoring. The FCA in turn revised its handbook to take account of this new orientation. Businesses have until March 31 2022 to comply with the post-Brexit rulebook. Use this remaining period to update all your compliance documents to reflect the new requirements.
5. Training: This is an area that is critically important for all financial services companies but is where we see many making basic mistakes, from record keeping to content specificity during our reviews. Training must not be a tick-box exercise, it is the foundation to a business's overall culture. Training should be designed appropriately for the business's operations, compliance obligations and risks, and should be well executed and documented.
As employees continue to work from home, training to avoid falling foul of cybercrime is even more vital. Vulnerability to cyber attacks is much higher at home without tighter surveillance and software that naturally comes from being in the office.
6. Financial promotions, marketing, and advertising materials: Re-assess your processes to ensure your marketing activities and promotions are fair, clear and not misleading. Regulations around materials are both complex and subjective. Understand how to identify compliance risks that could lead to problems with key stakeholders: investors, allocators and regulators. This includes subtle distinctions between pre-marketing and full engagement, and what the requirements are for each. Consider adopting a marketing review solution in 2022 to streamline your marketing compliance.
Additionally, the Securities and Exchange Commission has approved a number of changes to Rule 206(4)-1 under the Investment Advisers Act 1940, known as the new 'marketing rule'. All SEC-registered investment advisers need to start considering an implementation plan for the new marketing rule. Businesses have until November 4 2022 to comply with the new marketing rule, however, advisers are encouraged to start training staff on the new requirements as well as make the requisite changes to marketing content before the compliance date.
7. Anti-money laundering: The FCA’s Business Plan for 2021-22 once again put AML at the top of its regulatory priorities and a number of high-profile enforcement cases emphasise that they will not tolerate inadequate controls and processes in this area. We have also seen a new focus on the role of the money laundering reporting officer, with the FCA emphasising its pivotal role on managing the risks of financial crime inside businesses.
Firms should review their AML policies and procedures to ensure that they match the Joint Money Laundering Steering Group's best practice and consider staff training to boost knowledge and compliance in this area.
8. Operational resilience: Review the following for your business to ensure you have established the key components for a robust operational resilience framework: programme governance, business continuity and resilience, third-party and supply chain resilience, cybersecurity resilience, technology infrastructure resilience, digital systems and software resilience, data and information resilience, training, testing, and feedback loop.
Review policies and procedures that help to achieve operational resilience. Review your risk assessment and work with your IT team or provider to ensure all critical items have been addressed. Learn more about building operational resilience and develop a plan for further improvements in 2022.
9. Regulatory examination preparation: Businesses should consider their preparedness in the event of a regulatory examination. For advisers registered with the SEC, they should be aware of the SEC’s examination priorities and be ready for an examination at any time. The SEC continues to examine its registrants based outside of the US. One way to prepare for this is through a mock SEC examination.
10. Market abuse: As working from home remains a reality for most, ensuring adequate e-comms surveillance technology is paramount to monitoring market abuse. The Facebook Group outage earlier this year is a great example of this in action. It forced a workaround for commerce traders who had to continue to communicate across other channels such as WeChat, Signal and Telegram.
However, without advanced e-comms surveillance technology it proved almost impossible to capture the exact data for review. Although it is plausible to capture and surveil WhatsApp, WeChat, Signal, Telegram, and SMS, which can uncover risk as business is transacted across these channels, many businesses do not include these channels in their supervisory programme, leaving a gap in their risk coverage.
11. Transaction reporting: Businesses are not meeting the required standard across a variety of fronts, from incomplete or incorrect data being submitted to their approved reporting mechanism, to failing to reconcile the data, process rejections, and monitor resubmissions. They are being warned that not engaging correctly means that they are not totally complying with the requirement to submit complete transaction reports.
Our research this year into the accuracy of transaction reporting under European Market Infrastructure Regulation/Markets in Financial Instruments Regulation has shown that 97 per cent of businesses reviewed are currently reporting incorrectly. The research shows that most businesses (87 per cent) are confident in the quality of the reports that they submit to regulators via ARMs and trade repositories under Mifir and/or Emir, with many thinking if there is no direct contact from the FCA that all must be well.
However, analysis of the data shows that companies' reports featured, on average, more than 30 separate error types. Suggesting that this is not just a case of a single mistake affecting all reports, it is a potential indication of widespread misunderstanding of how certain reporting requirements apply to businesses and their activities, particularly when arrangements and activities change.
Rejections from the regulator are another issue entirely. Our experience shows that businesses often do not have robust processes surrounding instrument reference data rejections from the FCA. This is despite the FCA openly saying it expects businesses to monitor these types of rejections, and where the company truly believes that the instrument is reportable to continue to try to resubmit the transactions. In fact, we have seen very few companies with an active, well-managed and controlled process surrounding these resubmissions, meaning many businesses are not totally complying with the requirement to submit complete transaction reports.
So, as you start making plans for the new year, perhaps you should include a compliance review in your 2022 resolutions. Hopefully, it will not go in one year and out the other.
Martin Lovick is a director at the ACA Group
