One likely impact of the decision of the United Kingdom (UK) to leave the European Union (EU) is that the UK’s financial services industry will lose automatic rights of access to the EU’s free trade area (the Single Market) that are obtained through “Single Market” passports and other Single Market access arrangements.1

It is possible that forthcoming Brexit negotiations between the UK and the remaining post-Brexit members of the EU (EU27) will result in the UK financial services industry having transitional access to the Single Market after Brexit, pending a bespoke financial services deal.2 However, the extent and nature of these arrangements (if indeed available) will not be clear for some time. The UK, in the absence of a time extension for Brexit negotiations, is due to leave the EU by April 2019. Given that it could take UK financial services firms between 12 to 18 months to set up an appropriately licensed EU27 presence, it is likely that some will soon set up EU affiliates (EU27 Affiliates) that will then apply for the requisite regulatory licences that will allow them to continue their EU operations post-Brexit while delegating some functions back to the UK.

In anticipation, ESMA,3 the pan-EU securities regulator, last week published a formal opinion (Opinion) that provides guidelines to EU27 financial services regulators on the points that they need to take into account when considering licensing applications to be made by EU27 Affiliates. A copy of the Opinion can be found here.

Internationally active financial services groups that have UK or EU27 Affiliates that are operating, or that intend to operate, in the EU using passports granted under the Alternative Investment Fund Managers Directive (AIFMD), the UCITS directive or the MiFID 1 and MiFID 2 directives should read the Opinion. The Opinion attempts to prevent a “race to the bottom” among EU27 countries that wish to attract EU27 Affiliates of UK firms to their jurisdictions. The Opinion also envisages a rigorous licensing and supervision process that is intended to prevent EU27 Affiliates being mere “brass plates” without the requisite substance and to ensure that any delegation of functions by EU27 Affiliates to affiliated UK-regulated firms is appropriate and controlled. Although aimed primarily at arrangements intended to mitigate Brexit risk, the Opinion is also relevant to international financial services groups that make use of an EU27-based provider that delegates, outsources or enters into back-to-back arrangements with non-EU entities (e.g., EU management companies delegating discretionary decision-making to an offshore investment adviser or a broker-dealer using an EU booking entity as part of a back-to-back trading arrangement). The Opinion’s principles could be used to require those EU27 regulators that maintain a light touch in this area to adopt a more rigorous approach that is consistent with that taken by other regulators. An over-rigorous interpretation of the Opinion by EU27 regulators risks making it more difficult and costly for all non-EU groups (not just those in the post-Brexit UK) to set up efficient EU operations.

ESMA has indicated that it will develop sector-specific opinions for asset managers, MiFID investment firms and those operating in secondary securities markets. These might help clarify some of the very high-level principles set out in the Opinion summarised below. We do expect, however, that implementation of the Opinion’s principles, some of which express current EU regulatory standards, will continue to differ between EU27 jurisdictions. A number of EU27 jurisdictions have declared an interest in providing a home to affiliates of UK entities that wish to have continued access to the Single Market. It would be a surprise if the Opinion deterred them from continuing to implement this aim although, they may seek to focus attention on other benefits to using their jurisdiction rather than just their local regulatory regime.

The ESMA Opinion is broken down into nine general principles:

Principle 1: EU27 regulators should not provide automatic recognition to an EU27 Affiliate based on the affiliated UK- regulated firm’s current licence. This is perhaps stating the obvious from a legal perspective, but may be designed to prevent EU27 regulators providing regulatory licences to EU27 Affiliates more quickly than usual based on the fact that the applicant will belong to a group that is regulated in the UK and currently subject to EU financial services regulation.

Principle 2: EU27 regulators should rigorously assess applications made by EU27 Affiliates. Applications should contain a detailed programme of operations. Regulators should assess the EU27 Affiliate’s governance, structure, human and technical resources and geographical distribution of activities, as well as outsourcing and delegation arrangements. The Opinion also asks regulators to reject applications that indicate clearly that the EU27 Affiliate has opted to set up in their EU member state in order to avoid stricter standards in force in another EU member state where that Affiliate intends to carry out the bulk of its operations. It is not clear how this part of the principle will be policed, whether certain EU27 regulators would concede that they implement less-strict EU standards that in theory are harmonised, and what “stricter standards” means (e.g., stricter interpretations of EU harmonised standards or “gold-plated” standards that go beyond EU legal requirements). However, ESMA may be taking aim at jurisdictions where financial services businesses are established which then provide the bulk of their services into a small number of other EU jurisdictions using cross-border services passports.

Principle 3: As an extension to Principle 2 above, EU27 regulators should be able to verify the objective reasons for an EU27 Affiliate’s effective relocation after review of its programme of operations that is filed with its licensing application. Therefore, that programme of operations should contain information on prospective investors, on marketing and promotional arrangements, and on the location of the development of products and services. At the moment, it is not clear what objective reasons will suffice. However, we expect financial services groups to focus on any applicable tax treaties and whether the relevant EU27 jurisdiction is an established centre of excellence for the type of service in question with access to a wide variety of good-quality local service providers.

Principle 4: EU27 regulators should reject applications where the EU27 Affiliate’s extensive use of outsourcing creates a “letter-box” entity in the EU with the performance of all substantial activities or functions being carried on outside the EU. This principle reflects existing EU regulatory standards and can be found in a variety of EU laws and regulations (e.g., the AIFMD).

Principle 5: Outsourcing and delegation to entities based in “third (i.e., non-EU) countries” is only possible under strict conditions. The EU27 Affiliate must retain the ability to direct and control the outsourced or delegated function. Further, some EU laws only allow the outsourcing of certain functions to third-country entities in the event that there are cooperation agreements in place between that third country and the relevant EU jurisdiction (e.g., the AIFMD in the case of delegations of portfolio management by EU-licensed alternative investment fund managers). This point raises issues for UK discretionary managers who advise or sub-advise EU-regulated alternative investment funds. In the absence of the negotiation of a transitional arrangement, and if cooperation agreements are not entered into between the UK Financial Conduct Authority and the relevant EU27 regulator, UK discretionary managers would have to stop acting as discretionary manager for these type of funds.

Principle 6: EU27 regulators should ensure that the EU27 Affiliate will have sufficient substance. To do this, EU27 regulators should have access to all data related to the outsourced or delegated activities or functions and to the business premises of the service provider or delegate. This reflects current EU regulatory standards where EU regulators after consultation with local non-EU regulators may have access to locally licensed third-country entities. In addition, certain activities and functions that are key to the proper functioning of the EU27 Affiliate as a regulated entity need to be retained in the EU27 and cannot be delegated outside the EU. Although no exhaustive list of such activities and functions is provided, EU regulators are asked to focus on the EU27 Affiliate’s internal control functions, IT control infrastructure, risk assessment, compliance functions, key management functions and sector-specific functions. It remains to be seen how this will be implemented especially for entities that are part of groups that are subject to group standards and infrastructure.

Principle 7: EU27 regulators should ensure that the EU27 Affiliate complies with sound governance requirements. Key executives and senior managers must be employed in the EU27 member state where the EU27 Affiliate is established and work there to a degree proportionate to their role, if not on a full-time basis. EU27 regulators should satisfy themselves that the EU27 Affiliate will “dispose of decision-making” powers in the EU jurisdiction where it is established by assessing the quality and appropriate presence of executive board members and/or senior management. This principle expresses current EU head office “mind and management” requirements, which are subject to different interpretations across the EU. It remains to be seen whether ESMA’s sector-specific guidance mentioned above will attempt to set a harmonised standard for these requirements across the EU.

Principle 8: EU27 regulators must have adequate resources and capacity to monitor, supervise and enforce EU27 Affiliates’ compliance with EU law. This includes the ability to inspect the activities and functions of service providers and delegates based outside the EU.

Principle 9: ESMA will develop regulatory tools to ensure that supervisory practices converge among the EU27 in this area. ESMA concludes its Opinion by stating that it stands ready to issue further opinions, peer review EU27 regulators and investigate EU27 jurisdictions that may have breached EU law in this area.