The Financial Markets Authority (FMA) has published the final standard conditions for a financial institution licence, along with a licence application guide and a fair conduct programme (FCP) information sheet. You can find a link to the media release and related documents here.
The Financial Markets (Conduct of Institutions) Amendment Act 2022 (Act) will establish a new regime regulating the conduct of all registered banks, licenced insurers and licenced non-bank deposit takers (financial institutions). The regime is centred around a new overarching fair conduct principle and the establishment of a fair conduct programme to operationalise that principle.
The FMA has said that it is currently expected the Act will come into force in early 2025 (with the FMA saying that it expects MBIE to confirm the commencement date early next year). From the date the regime comes into force, financial institutions that provide relevant services and associated products to consumers in New Zealand will be required to hold a licence and have established and implemented their own FCP.
Given the potential scale of the work involved, including the documentation and review expectations, financial institutions may wish to engage with MBIE now on the appropriate start date for the regime. Noting that the Act itself provides for a three-year longstop date for commencement, which expires in late June 2025.
Standard licence conditions
Earlier this year the FMA consulted on the standard licence conditions to apply to all financial institutions. The final conditions are largely identical to the drafts that were consulted on, with some minor points of clarification in response to submitters' feedback.
The six conditions require a financial institution:
Ongoing requirements: must satisfy at all times the licensing requirements in respect of which the FMA must be satisfied in order to grant a licence under the Financial Markets Conduct Act 2013 (FMCA) (eg directors and senior managers are fit and proper persons).1
Notification of material changes: must notify the FMA of any material changes to the nature of the financial institution's services (eg if the financial institution commences providing a new relevant service or associated product to consumers in New Zealand).
Regulator returns: must provide information to the FMA via yet-to-be published periodic regulatory returns. The returns are expected to collect factual information on the financial institution, such as the relevant services and associated products provided to customers, numbers of customers, numbers and types of breaches of the fair conduct principal, and complaints information.
Outsourcing: must be satisfied that any functions outsourced to third parties allow the financial institution to comply with the fair conduct principal.
Business continuity and technology systems: must establish a business continuity plan for critical technology systems to ensure the continuity of services customers receive from the financial institution.
Record keeping: must keep records to demonstrate how the financial institution has established, implemented, maintained and complied with its FCP.
Licence application guide
The FMA announced applications for a financial institution licence will open on 25 July 2023. To assist with the application process the FMA has published details on how to apply for a licence, along with the application form questionnaire and guidance on the level of detail expected in an application.
The questionnaire will require the applicant to explain the relevant services it will provide to consumers itself, as well as whether it will act as an intermediary to provide services on behalf of another financial institution or other person. The key focus of the licensing questions will be on how the financial institution will comply with the minimum requirements for FCP under section 446J. This will require applicants to have their FCP established and approved by the applicant’s board of directors before applying. However, the FCP need not be fully implemented at the time of application.
There are also questions within the questionnaire on the requirement for financial institutions to publish a summary of their FCP under section 446H.
FCP information sheet
The FCP information sheet provides additional explanations to help financial institutions establish, implement and maintain their FCP.
A consistent theme throughout the information sheet is that a financial institution's FCP needs to be relevant and proportionate to the financial institution's business. This will require the financial institution to consider the nature and complexity of its business, the relevant services and associated products it offers, the distribution channels it uses, the characteristics of different customer groups, and to be able to demonstrate how these considerations impacted the design of its FCP.
In particular, financial institutions will be expected to risk-rate the relevant services and associated products they offer to consumers and the distribution channels used in terms of the potential conduct risks. The FMA has described "conduct risks" as "risks associated with conduct that fails to comply with the fair conduct principle".
The fair conduct principle itself is defined in the Act to mean that "a financial institution must treat its consumers fairly".
The FMA expects financial institutions to place greater emphasis on higher risk services and products and to target resources towards the areas of highest risk.
The information sheet also sets out the FMA expectations for an FCP to establish, implement and maintain:
clear responsibility and accountability arrangements;
continual assurance and review of the effectiveness of the FCP.
Where financial institutions operate as a group of related entities, the FMA has recognised that the entities may determine that it is appropriate and efficient to have a single FCP. However, in that case, the FCP would still need to reflect the unique factors of each financial institution and to be explicitly considered and approved by the governing body of each financial institution.
The FCP information sheet provides some welcome clarity on the FMA's expectations on particular aspects of the FCP minimum requirements.
The work programme required to establish, implement and maintain an FCP is likely to be considerable and require a whole-of-business response. This is likely to be particularly true for financial institutions with a large number of customers and more complex product offerings.
Although the FMA has signalled it is likely to take an educational approach early on, it is clear the FMA has higher expectations for larger and/or more complex financial institutions, given their sophistication and the greater prospect of consumer harm if the fair conduct principle is breached.
The FMA expects financial institutions to have a strong understanding of their customers' needs and where conduct risks exist across their business at all stages of a product's lifecycle, and to be able to demonstrate all of the policies, processes, systems and controls that form part of their FCP to manage these conduct risks. For large and/or more complex financial institutions the FCP will likely need to comprise a large number of interlinking policies, processes, systems and controls to address the different conduct risks it faces. From overarching frameworks governing the structure, roles and governance of the FCP, to granular processes to manage conduct risks for particular services, products and customers.
Further, we note that, in contrast to the new Consumer Duty regime in the UK, consumers and others, not just the FMA, have rights of action under the Act. Accordingly, financial institutions cannot solely rely upon the FMA's enforcement stance to guide their approach to compliance or implementation. Our view is that financial institutions should be conscious, therefore, of the prospect of challenges to the robustness of their FCP from both the FMA and consumers when developing their FCP.