2018 continues to be a busy time in the regulatory space. The pace of regulatory change is not slowing down. In the first half of this year alone, a concentration of far-reaching regulations will take effect, with banks under increasing pressure to deal with the complexities of their diverging regulatory frameworks. Below I’ve outlined what lies in store for each jurisdiction from a regulatory perspective.
The year was kicked-off in regulatory style with the introduction of MiFID II. The long-awaited arrival of MiFID II has not been without its challenges; one of the obstacles has been managing the last-minute reprieves/guidance from regulators and ESMA. On 20th December 2017, investment firms were granted a temporary six-month grace period from MiFID II’s legal entity identifier (LEI) reporting requirements, less than two weeks before MiFID II was going live on 3rd January 2018. Whilst this was somewhat welcomed, many firms and regulators had already put controls and systems in place under the assumption that no reprieve/relief would be given.
It is expected that the final text for the Fifth European Money Laundering Directive will be finalised, endorsed and signed by both the Council and Parliament this year. Following publication in the Official Journal of the EU, Member States will have up to 18 months to transpose the Directive into local law, expected by the end of 2019. Current indications are that the vote will take place the month of April 2018. The Fourth Anti-Money Laundering Directive was originally due to be transposed by June 26th, 2017, however, up to 17 countries did not meet the deadline and some still have not.
The draft Directive incorporates a set of proposed amendments to the 4AMLD in an effort to:
- Prevent the use of the financial system for the funding of criminal activities; and
- Strengthen transparency rules to prevent large-scale concealment of funds.
There are five main areas of change proposed to directive 2015/849:
- Create Beneficial Ownership registers;
- Tackle Risks Related to Virtual Currencies;
- Tackle Terrorism Risks Related to Anonymized Prepaid Cards;
- Facilitate Greater Co-operation Between Member States’ FIUs;
- Ensure High Level of Safeguards for Financial Flows from High-Risk Third Countries.
From May of this year, we will also have the European General Data Protection Regulation (GDPR). It’s important to note that the application of GDPR is not just confined to banks in the European Union. Extra-territorial in scope, GDPR applies to organizations both established within and outside of the EU that possess or process personal information relating to EU individuals.
With the raft of regulations across Investor Protection, Data Protection, AML and CDD, it will be important to manage any conflicts and nuances. An example of this is evidenced by the need to balance the apparent anomalies between protecting investors under MiFID II through the collection of more information about them and their respective activities, while respecting their strengthened data privacy rights under GDPR. This effectively puts banks between a rock and a hard place in terms of managing this delicate balance of requirements. In order to be able to demonstrate a sufficient degree of GDPR compliance, firms will need to ensure that they have tested their systems, processes and newly-implemented policies and procedures to confirm that they can comply with enhanced data subject rights and additional obligations under GDPR. As part of this review process, firms should map current and anticipated client data flows and conduct a data audit to evaluate data lifecycle management within the organization. My colleagues, Ciara Kennedy and Aoife Harney recently collaborated on a blog on this topic for Data Management Review;
With relation to the Securities Financing Transaction Regulation (SFTR), the industry is now waiting for the endorsement by the European Commission of the Final Report and Technical Standards issued by ESMA in April 2017. Once the report is endorsed, the 12-month countdown to the SFTR reporting obligation begins. We are, therefore, looking at a reporting start date of Q2 2019.
The FinCEN Final Rule (CDD) will be formally introduced in May 2018 and is a significant addition to the Bank Secrecy Act program, providing greater alignment between US AML rules and FATF’s international standards. While FinCEN Final Rule (CDD) offers additional guidance to close a gaping hole in current BSA/AML regulations with regards to beneficial ownership, there are some differences in the US approach, such as specific exemption types and account-level beneficial ownership.
On 20th August 2018, the Canadian Central Clearing obligation will come into force. This means that mandatory clearing will apply if at least one of the parties to a transaction is a local counterparty in Canada and each party falls under one of the following categories:
- A participant, i.e. clearing member, in a regulated clearing agency that subscribes for clearing services for the classes of derivatives in scope. Clearing is already in force for this category;
- A Participant Affiliate (i.e. an affiliate of an entity that is a clearing agency participant meeting the threshold test);
- A local counterparty meeting the threshold test.
To comply with this requirement, Canadian banks will need to track and code affiliates. This will involve a significant amount of data reviews, remediation and classification. Banks will also have to perform client outreach to collect information pertinent to this process.
One of the key community-based initiatives for the APAC region was the APAC AML Roundtable. The Fenergo team travelled to Sydney in November to run AML workshops with the APAC community. A follow-up session was held in February and proved to be highly engaging, receiving valuable input from all attendees. In addition to the items mandated by Austrac, we looked at the non-mandatory information collected across industry (for value-add down the chain, monitoring, event driven reviews, etc). We will compile an aggregated view of industry best practice as the direct output from these sessions. The next AML Working Group session will focus on requirements in Singapore and Hong Kong. Eventually, we will roll out to the wider APAC region.
In tandem with an increased enforcement focus, Hong Kong's Financial Services and Treasury Bureau (FSTB) has introduced a number of proposed AML reforms as part of its Anti-Money Laundering and Counter-Terrorist Financing (Financial Institutions) Ordinance (AMLO), which came into force on March 1st, 2018. The AMLO broadens the number of entities in scope for customer due diligence (CDD) and record keeping requirements.
In accordance with FATF recommendations, the AMLO relaxes the beneficial ownership threshold, removing the current 25%:10% threshold split for medium-to-high-risk businesses. The FATF-recommended 25% threshold will be applied instead across the board to all non-financial businesses using a floor vs. ceiling approach in which covered institutions may apply a higher floor in circumstances of heightened risk.
Reflecting a more technologically-advanced and digitalized financial world, the AMLO introduces flexibility regarding the measures permitted to be taken for verifying a customer’s identity to include electronic means for obtaining customer information.
As a result of these upcoming regulations and changes, the Fenergo Regulatory Team and Client Community have been kept quite busy. A couple of the major highlights include:
- Delivery and roll-out of the MiFID II solution (a result of more than 12 months of regulatory forum work);
- Working groups sessions across FinCEN Final Rule, OTC Reform, GDPR, 15a6 and Investor Protection.
Finally, I would like to take this opportunity to thank you all for your engagement and support in the regulatory community and look forward to working again with you throughout 2018.