CYBER SECURITY IN FINANCIAL SERVICES FIRMS – FCA SPEECH OUTLINING SUPERVISORY APPROACH

Nausicaa Delfas, Director of Specialist Supervision of the FCA, gave a speech on 21 September 2016 highlighting the FCA’s concerns about cybercrime in light of its objectives of securing appropriate protection for consumers, protecting and enhancing the integrity of the UK financial system and promoting effective competition. The purpose of the speech was to emphasise the significant risk that cybercrime poses to regulated firms and to clarify that the FCA and firms have a shared responsibility with regard to cyber security. Ms Delfas indicated that the FCA will be looking for firms of all sizes to develop a “security culture”.

Ms Delfas emphasised that cyber resilience is a priority for the FCA and that, for this reason, the FCA has created a specialist team to lead its work in this area. Ms Delfas indicated that the FCA is aware that cyber threats are evolving and increasing in number year-onyear. Accordingly, Ms Delfas emphasised that firms as well as the FCA need to remain vigilant and flexible in tackling challenges relating to cyber-attacks since the challenges may become greater in the future. The key points from the speech are as follows:

The FCA’s approach to cyber security

Cyber security is a shared interest and responsibility and accordingly the FCA intends to continue working with the cyber security industry and encouraging engagement from firms in order to increase cooperation. The FCA’s focus has been two-fold: engaging nationally and internationally to ensure a co-ordinated approach to address the threat, whilst focussing its supervisory attention on the largest firms that are critical to national infrastructure. For example, the FCA has been involved in writing guidance on cyber resilience, worked as part of the G7 expert group, co-ordinated with other public bodies and has undertaken resilience exercises with industry and other regulators. In terms of supervisory attention, the FCA also indicated that it will now focus on the broader population of firms that it regulates and will assess firms that pose the greatest risk to its objectives, regardless of the size of the firm.

Developing a “security culture”

The FCA expects firms to develop a “security culture”, driven from board-level downwards. The foundation on which a “security culture” can be developed is good governance around cyber security. “Good governance” means that management must be engaged with, and responsible for, cyber security. The FCA intends to observe whether firms have identified their key assets and imposed adequate protections in respect of cyber risk. Such protections include well-trained staff, good security screening of staff and regularly tested protection systems. Firms also need to ensure that they have adequate detection capabilities, as well as recovery and response systems. Information sharing is also important in enhancing protections more broadly.

Emerging risk areas

Ransomware is a threat to firms and customers, and it may increase significantly. Ransomware is a type of software that can block access to key information until a ransom is paid. Firms should monitor developments since such attacks can be highly sophisticated. The FCA also expects firms to be aware of the risks of “self-propagating malware”.

The FCA recognises risks in relation to data storage. Firms need to be aware of the threat profiles of cloud providers to which firms are outsourcing many key services, confirming that firms can outsource such services, but reminding firms that they will remain responsible for them. The FCA recognises that there is a shortage of skills relating to cyber security and that some firms are struggling to recruit staff to respond to threat and analyse the relevant data.

Cyber threats are increasing and evolving, and most attacks are caused by basic failings and, accordingly, firms should instil a “security culture”. Via a risk-based approach, the FCA will be contacting a wider range of firms regarding cyber resilience, focusing on those that may pose the greatest risk to its objectives following a successful attack. The FCA considers cyber security to be a priority, and it intends to drive up standards and engage with industry with regard to cyber security in the future.

SUPER-COMPLAINT FROM WHICH? TO THE PSR

The Payment Systems Regulator (PSR) published a press release on 23 September 2016 explaining that it has received a super-complaint from Which?, the consumer body, regarding its concerns about safeguards in the push payments market. The PSR responded to Which?’s super-complaint on 16 December 2016.

“Push payments” are payments made by consumers by sending money to the payee’s bank account. Push payments include payments via Faster Payments, CHAPS and BACS. Super-complaints can be brought by designated representative bodies, such as Which?, under section 68(1) of the Financial Services (Banking Reform) Act 2013 where the complainant believes that aspects of a payment systems market are, or appear to be, significantly damaging to the interests of service users. The PSR was required to respond to the super-complaint within 90 calendar days.

In its super-complaint, Which? sets out its concerns about the level of protection for consumers targeted by fraudsters aiming to deceive them into transferring money via push payment. Which? argued that protections in respect of push payments are insufficient in comparison to the protections afforded to other types of payments, such as credit and debit card payments and direct debits identifying that there has been an increasing number of such scams occurring and highlighting that the harm caused can be substantial. Affected victims can be left with large losses which can cause distress and diminish overall consumer confidence in the use of electronic payment systems.

Which? considers that an investigation is required to address the extent to which banks could modify their conduct to reduce the harm caused to consumers by scams which lead to the authorisation of push payments to fraudster payees and to consider possible changes to legislation or regulation in order to incentivise banks and payment system operators to counter the risks of such scams thereby improving protection for consumers. Which? proposed two remedies to address consumer protection in the push payments market. The first option is to place more liability on banks for the losses resulting from such scams with the intention of incentivising those entities to take steps to prevent such loss. The second option is to set standards for risk management in relation to push payments that banks must meet when processing such transactions, suggesting that banks could be held liable for losses arising from a payment if it was made without compliance with those standards. Which? recognised that some actions are currently being undertaken in the market to improve consumer protection, including efforts by Payments UK, the Home Office and Ofcom. It also recognised that the banking industry is trying to educate consumers so that they can better protect themselves against such scams.

The PSR stated in its response to Which?’s supercomplaint that push payments scams present a “growing problem that needs to be addressed”. It carried out research on the scale of the problem, the current legal and regulatory protections for victims, how banks protect victims, and whether there are any other proposals/changes that may result in a reduction of the impact of such scams. The PSR outlined its findings, identifying three main issues:

1) The way in which banks work together in responding to the reports of such scams needs to improve

2) Banks could potentially do more to identify fraudulent payments and prevent the influence of fraudsters

3) The available data on the scale and types of such scams is currently inadequate.

The PSR has agreed with Financial Fraud Action UK certain actions to help address its concerns, including the development of an understanding about what information can be shared between payment service providers under the current law and the key barriers to sharing further relevant information, the development of a common industry approach or standard that payment service providers should follow when reporting incidents, and the collection and publication of scam statistics to address the lack of quality data. The PSR stated that it will monitor this work and review industry progress in the second half of 2017. It concluded, however, that there is insufficient evidence to pursue changing the legal liability of banks, but said that it would reconsider its position if additional evidence comes to light.

INDIVIDUAL ACCOUNTABILITY AND CULTURE IN BANKING – FCA PROPOSES NEW MEASURES

On 28 September 2016, the FCA marked six months since the implementation of the Senior Managers and Certification Regime by providing feedback on its implementation so far and proposing measures to further strengthen the regime. The new measures are part of the FCA’s continued focus on culture and build on initiatives to further empower it to identify and hold senior individuals in banking and insurance firms to account.

Background

On 7 March 2016, the new Individual Accountability Regime (IA Regime) came into effect. The IA Regime governs certain individuals in UK banks, building societies, credit unions, PRA-designated investment firms and branches of foreign banks operating in the UK (relevant authorised persons or RAPs). The IA Regime was introduced by the Banking Reform Act 2013 and driven by the findings of the Parliamentary Commission into Banking Standard’s report, Changing Banking for Good.

There are three key elements of the IA Regime: the Senior Managers Regime (SMR), the Certification Regime and the Conduct Rules. The SMR applies to individuals who perform a Senior Management Function (SMF) in RAPs (Senior Managers). The Certification Regime applies to all individuals (Certified Persons) who are “material risk-takers” (staff subject to the Dual Regulated Firms Remuneration Code) and other staff who pose a risk of significant harm to the RAP or any of its customers. The third element of the IA Regime are the enforceable Individual Conduct Rules and Senior Manager Conduct Rules found in the FCA’s Code of Conduct sourcebook (COCON) and the PRA’s Rulebook (together, the Conduct Rules).

From 7 March 2017, the Conduct Rules will apply to all RAP employees excluding ancillary staff (such as receptionists, post room staff etc).

FCA publications

On 28 September 2016, the FCA issued the following publications:

■ FCA Consultation Paper (CP 16/26), Guidance on the duty of responsibility: amendments to the Decision Procedure and Penalties Manual;

■ FCA Consultation Paper (CP 16/27), Applying out Conduct Rules to all non-executive directors in the banking and insurance sectors; The PRA also published Consultation Paper (CP 34/16), on strengthening individual accountability in banking and insurance: amendments and optimisations;

■ FCA Policy Statement (PS 16/22), Strengthening accountability in banking and insurance: regulatory references final rules; The PRA had also published the related PRA Consultation Paper (CP 27/16);

■ FCA Discussion Paper (CP 16/4), Overall responsibility and the legal function;

■ Supervisory review of statement of responsibilities and responsibilities maps contained in four Feedback Statements (FS 16/6, FS 16/7, FS 16/8, and FS 16/9);

■ FCA Consultation Paper (CP 16/25), Whistleblowing in UK branches of overseas banks; and

■ FCA Consultation Paper (CP 16/28), Remuneration in CRD IV firms: new guidance and changes to Handbook.

These publications propose new rules and guidance that reinforce the importance of individual accountability at the most senior levels of RAPs. They set out the regulators’ expectations on how RAPs should document responsibilities and provide final rules on regulatory references. Such references allow RAPs to share relevant information to support their assessment of potential new recruits as fit and proper for their regulated roles.

The publications also propose subjecting the role of General Counsel to the SMR and ensuring that all nonexecutive directors (NEDs) are subject to the Conduct Rules which impose enforceable behavioural standards, including the duties to act with integrity and due care, skill and diligence. 

FCA and PRA propose to apply conduct rules to all non-executive directors

The FCA has published a Consultation Paper (CP 27/16) which proposed the extension of the FCA COCON to all NEDs in all RAPs. The PRA has also published Consultation Paper (CP 34/16) which also consults on extending the Conduct Rules to relevant RAPs and insurers.

From 7 March 2017, the Individual Conduct Rules will be expanded to apply to all staff in RAPs (excluding ancillary staff). The PRA notes in CP 34/16 that it would be “unusual” for the Conduct Rules to apply to relatively junior employees from that date, but not NEDs, who perform senior roles at RAPs. NEDs who are neither Chairman, Senior Independent NEDs, nor the chairs of board committees are referred to as “Standard” NEDs.

The regulators had initially proposed in FCA CP 14/13 and PRA CP 14/14 that all Standard NEDs be in-scope of the SMR and captured under SMF15. However, following consultation, the position was revised in FCA CP 15/5 and PRA CP 7/15. The FCA noted that Standard NEDs do not have specific responsibilities and that the presumption of responsibility would encourage Standard NEDs to take a more “executive” role contrary to their purpose providing of independent oversight. Only “Approved NEDs” who perform SMFs like SMF9 Chairman and SMF10 Chair of Risk Committee are currently accountable to the regulators for the Conduct Rules. SMF15 remains unused and conspicuously absent from the list of FCA and PRA designated SMFs. As an interim fix, the PRA in Policy Statement PS 16/15 required Standard NEDs to be contractually obliged to their RAPs to comply with Individual Conduct Rules 1–3 and Senior Management Conduct Rule 4.

Standard NEDs are still bound by their common law directors duties and by their duties from the Companies Act 2006. Many of these duties are similar to the Conduct Rules, such as the statutory duty to exercise reasonable care, skill and diligence overlapping with Individual Conduct Rule 2 to act with due skill, care and diligence. A key difference however, are the lower hurdles that the regulators need to overcome in order to levy a financial penalty for breach of the Conduct Rules.

The Bank of England and Financial Services Act 2016 amended section 64A of FSMA to include “directors” thereby empowering the regulators to take enforcement action for misconduct against all NEDs for breach of the Conduct Rules regardless of whether they perform a SMF or other controlled function.

The FCA, in CP 16/27, propose to exercise its recently allocated power and make the following proposals:

1. Standard NEDs will be subject to the Individual Conduct Rules set out in COCON 2.1. These rules include the duty to act with integrity (Rule 1), the duty to act with due skill, care and diligence (Rule 2) and the duty to be open and cooperative with regulators (Rule 3).

2. Senior Conduct Rules 1, 2, 3 should not apply to standard NEDs, unless a person is both a NED and also falls into one of the other categories of “Senior Conduct Rules Staff” as defined in the Glossary of COCON (i.e. a SMF manager, an employee of a relevant authorised person who performs the function of a SMF manager, an approved person performing a controlled function in a Solvency II firm or a small non-directive insurer where the controlled function is a significant-influence function, or a standard non-executive director of a relevant authorised person, a Solvency II firm or a small nondirective insurer).

3. Additional guidance to Individual Conduct Rule 2 is suggested in order to clarify that this rule applies to a director when acting as a member of the Board and any other governing body and any of that body’s committees.

4. Applying Senior Conduct Rule 4 (SCR4) to all standard NEDs. SCR4 imposes the duty to disclose any information of which the FCA or PRA would reasonably expect notice.

5. The extension of the COCON guidance on the role and responsibilities of NEDs to insurance firms.

6. Column J of the conduct breach report (Form H) should be amended in order to identify which conduct breaches are being notified by standard NEDs.

Similar proposals are put forth by the PRA in CP 34/16.

Both consultations close on 9 January 2017. After feedback from the consultations has been received and reviewed, the final rules will be issued in 2017.

Overall responsibility and the legal function

The FCA issued a Discussion Paper (DP 16/4) on the overall responsibility and the legal function under the SMR. The IA Regime requires a Senior Manager to have overall responsibility for each area of the RAP’s business. This may extend to the legal function within each RAP. Where a specific SMF does not exist to cover each area of the business, the regulators use SMF18 as a general catch-all to ensure complete coverage of a RAP by a responsible Senior Manager. In practical terms, the head of the legal function may be appointed as a SMF18, if not already classified as performing another SMF.

In DP 16/4, the FCA moved to reassure industry that legal safeguards, such as legal professional privilege, will be maintained. The FCA acknowledged that section 59ZA of FSMA does not extend to giving legal advice, noting that it instead was the management of the function and not the provision of legal advice that brings the head of the legal function into the SMR. Having overall responsibility for the legal function is likely to come within section 59ZA, as it will involve management of that function.

In DP 16/4, the FCA noted the concerns about using privileged information to demonstrate “reasonable steps” may have been driven by the formerly applying presumption of responsibility. The replacement of the presumption with the duty of responsibility now places the burden on the regulators to prove whether or not reasonable steps have been taken – not the Senior Manager. The FCA also reassured the legal profession that section 413 of FSMA protects legal privilege by providing that no power under that Act can be used by the FCA to require the disclosure of “protected items” which includes LPP items. The FCA did not express a final view but invited feedback from stakeholders on the FCA’s policy analysis, as well as views on whether the legal function should be included within SMR. Interested parties should submit their response by 9 January 2017.

FCA statement of responsibilities and management responsibilities map

The FCA engaged in an in-depth supervisory review of a large range of Statements of Responsibilities and Management Responsibilities Maps which are documents required by the “SMR”. The FCA found that most RAPs had engaged with the challenges of implementing the IA Regime and had invested a considerable amount of effort in preparing for it. In the vast majority of cases, RAPs had considered how the SMR applied to them and had identified Senior Managers and allocated SMFs and prescribed responsibilities appropriately.

The FCA did, however, identify a number of issues where some RAPs were not meeting the relevant rules and guidance as set out in the FCA Handbook. Among the issues raised are the following:

■ In some RAPs’ submissions, it was not clear that all the business functions and activities of the RAP had been allocated as overall responsibilities;

■ Stated responsibilities were not always clear;

■ There was wide variation in the quality of Management Responsibilities Maps;

■ In a number of cases, Management Responsibilities Maps did not give enough information around governance arrangements, particularly where the RAP was part of a wider corporate group.

RAPs should review their Statements of Responsibilities and Management Responsibilities Maps in light of this feedback and, where necessary, revise them using the rules and guidance provided by the FCA and the PRA. If this review results in a significant change to the responsibilities of a Senior Manager, RAPs should notify the FCA using Form J.

TRANSPOSING MIFID II IN THE UK – THIRD FCA CONSULTATION

On 29 September 2016, the FCA published its third consultation paper (CP 16/29) on the implementation of the second Markets in Financial Instruments Directive (MiFID II) in the UK. The consultation seeks the views of the stakeholders on the proposed changes to the FCA Handbook and makes key proposals concerning conduct of business rules, product governance, telephone taping for financial advisers and knowledge and competence requirements.

FCA proposals

The FCA focuses on conduct of business issues, including:

■ inducements (such as adviser charging)

■ research

■ client categorisation

■ disclosure requirements

■ independence

■ suitability

■ appropriateness

■ dealing and managing, underwriting and placing,

■ investment research

■ other conduct matters

The FCA’s proposals also touch on:

■ product governance

■ knowledge and competence requirements

■ recording of telephone conversations and electronic communications (taping)

■ supervision manual, authorisation and approved persons and perimeter guidance

FCA CP 16/29 is published with a view to the MiFID II implementation date of 3 January 2018, by when the UK must be compliant with the legal obligations deriving from EU law. The FCA is also considering exercising its discretion to regulate further than what is required by MiFID II in some respects. As MiFID II is a Directive there is scope in certain respects for “super-equivalence” (see the requirements on taping discussed further below).

Inducements and research

In CP 16/29, the FCA proposes a new Conduct of Business sourcebook (COBS) rule 2.3B which transposes article 13 of the Commission Delegated Directive C(2016) 2031 supplementing Directive 2014/65/ EU (the MiFID II Delegated Directive). It will also transpose (as guidance) certain recitals of the MiFID II Delegated Directive on how MiFID investment firms should operate a research payment account and collect charges. MiFID investment firms that wish to use client funds to obtain client-specific research reports should pay close attention to these requirements in COBS 2.3B, in particular the requirements of oversight, audit and controls regarding any research payment account. Clients must agree to any charges on the account and arrangements must be put in place to remit any unused funds back to the relevant clients.

The FCA proposes to incorporate the MiFID II investment research provisions into a single COBS chapter as well as adding guidance to clarify that the new rules will apply to both investment research and non-independent research. The current rules require MiFID investment firms to manage conflicts of interest in relation to the financial analysts involved in the production of investment research and other relevant persons whose responsibilities or business interests may conflict with the interests of the persons to whom research is disseminated. A particular change in MIFID II is a requirement not just to manage conflicts but also to prevent them.

Costs and charges disclosure

The FCA proposes to amend COBS in line with the provisions in MiFID II and the MiFID II Delegated Directive.

The new disclosure requirements are primarily applicable to MiFID investment firms doing MiFID business and will:

■ require the disclosure of appropriate information to clients with regard to the MiFID investment firm and its services, the financial instruments and proposed investment strategies, execution venues and all costs and related charges (see new COBS 2.2 A), and

■ require additional disclosures in respect of safeguarding client instruments and funds as well as information about costs and associated charges.

Fair treatment of customers

Fair treatment of customers constitutes an overarching theme for both MiFID II and CP 16/29 and as such it can be traced throughout the FCA consultation. Disclosure requirements, as well as independence requirements both serve the policy aim of fair treatment of customers.

MiFID investment firms providing independent advice will have to “assess a sufficient range of financial instruments available on the market which must be sufficiently diverse with regard to their type and issuers or product providers to ensure that the client’s investment objectives can be suitably met”. The FCA states that it intends to implement the MiFID II standards to all retail investment products for UK retail clients. Rules in the MiFID II Delegated Directive in relation to the robustness of a MiFID investment firm’s product selection process will also be applied to non-MiFID II business. For professional clients and non-UK retail clients, the FCA will only apply the MiFID independence standard on MiFID financial instruments and structured deposits.

Moreover, both the suitability and the appropriateness requirements support the fair treatment of customers and ensure that they are not misled or confused when choosing a financial product. Rules transposing the MiFID II suitability requirements will be set out in a new COBS 9A. The new rules include more specific requirements to ensure suitability of personal recommendations, such as the obligation to ensure information about the client is up-to-date where the MiFID investment firm is providing ongoing advice or a discretionary management service. Additionally, the rules clarify that, where advice or a discretionary management service is provided wholly or partly through an automated system, the MiFID investment firm’s remains responsible for the suitability assessment. Responsibility is not diminished by use of an automated system.

The FCA proposes to add two new criteria to the list of non-complex criteria in COBS 10.4.1 R (3), namely that the product does not:

■ contain a clause, condition or trigger that could fundamentally alter the nature or risk of the investment or pay out profile; and

■ include exit charges that have the effect of making the investment illiquid even though the client may have frequent opportunity to dispose, redeem or realise the product.

The FCA will also include in COBS 10:

■ a rule that where a bundle of services or products is envisaged, the MiFID investment firm must consider whether the overall bundled package is appropriate; and

■ a specific requirement for MiFID investment firms to keep records of appropriateness assessments, including, where a warning was given to a client, whether the client decided to go ahead despite the warning and whether the MiFID investment firm accepted the client’s request to go ahead with the transaction.

Telephone taping

MiFID II introduces for the first time an EU-wide requirement for MiFID investment firms to record telephone conversations and electronic communications when providing specific client order services that relate to the reception, transmission and execution of orders, or dealing on their own account. The FCA will consolidate the rules into Senior Management Arrangements Systems and Controls Sourcebook of the FCA Handbook.

The FCA proposes to apply the MiFID II taping regime to a wider range of situations than those required by MiFID II, namely:

■ the service of portfolio management, including removing the current qualified exemption for discretionary investment managers;

■ corporate finance business;

■ energy market activity or oil market activity; and

■ the activities of collective portfolio managers (full-scope UK alternative investment fund managers (AIFMs)), small authorised UK AIFMs and residual collective investment scheme operators, incoming EEA AIFM branches and undertakings for collective investment in transferable securities management companies).

Next Steps

The consultation closed on 4 January 2017. All MiFID investment firms are expected to be “MiFID II ready” by 3 January 2018 and compliant with the enhanced regulatory regime.

UK IMPLEMENTATION OF MIFID II – FOURTH FCA CONSULTATION

On 16 December 2016, the FCA published its fourth and final consultation paper (CP 16/43) on the implementation of the Markets in Financial Instruments Directive II (MiFID II) in the UK. The consultation, which follows three previous consultations, i.e. CP 15/43, CP 16/19 and CP 16/29, addresses a range of broadly technical and consequential matters which have not previously been covered.

CP 16/43 was consequently drafted in the context of the UK preparing to exit the EU regulatory framework. As repeatedly noted by the FCA, firms must continue with the implementation plans for MiFID II, until there is further guidance regarding the exit of the UK from the EU.

More specifically, CP 16/43 touches upon the following issues:

1. Specialist regimes: Conduct of Business (COBS) 18 contains a number of tailored conduct regimes covering MiFID and non-MiFID business for specialist types of investment business. The regimes generally work by referencing other parts of COBS. The FCA mostly updates references in COBS 18, while some more substantive changes are consulted on. For example, it was proposed that certain MiFID II requirements on taping and investment research will be applied to energy and oil market participants conducting non-MiFID II business.

2. Tied agents: The MiFID tied agent regime was implemented in the UK using the authorised representative framework. Tied agents of MiFID investment firms which carry on regulated activities in the UK are also authorised representatives. Where a tied agent does not carry on regulated activities, they are also not authorised representatives. At present, certain members states of the EU do not allow MiFID investment firms for which they are the home state supervisor to appoint a tied agent. This may lead to the problematic situation where a UK MiFID investment firm appoints a tied agent from one of those member states but that tied agent cannot be registered in their home state. That tied agent needs to be registered with the FCA. Under MiFID II, it will no longer be the case that tied agents established in other member states will need to be registered in the UK, as all member states will be required to maintain tied agent regimes. The FCA will propose amendments to the existing tied agents rules and guidance in SUP 12 to reflect the changes brought about under MiFID II. Specifically, the FCA will clarify the territorial application of SUP 12 and introduce new definitions for those new populations of authorised representatives to which MiFID requirements relating to tied agents are also to apply.

3. Market data: The FCA plans to make changes to chapter 9 of the Market Conduct Sourcebook (MAR) with regard to its supervisory approach towards data reporting service providers (DRSPs) and to include guidance on the scope of the approved reporting mechanism (ARM) regime. The proposed form for yearly notifications to the FCA (MAR 9 Annex 8 D) is set out in Appendix 2 to CP 16/43. The FCA proposes to ensure that Data DRSPs are compliant with Part V of MiFID II via updates to both MAR and a proposed review. Interestingly, the FCA clarified that a trading venue, when required to transaction report on their own behalf or on behalf of certain persons, may report to the FCA through an ARM. The FCA also clarified their view that it is acceptable for MiFID investment firms to aggregate their reporting via an internal hub provided the hub uses an ARM or is an ARM.

4. Small and medium-sized enterprise (SME) Growth Markets: MiFID II introduced a new sub-category of Multilateral Trading Facility (MTF) called SME Growth Markets. The policy intention was to raise the visibility and profile of growth markets or junior markets across Europe. The FCA is proposing rules on how to register as an SME Growth Market in MAR 5.10.

5. Miscellaneous changes to the Handbook: The FCA is proposing amendments to the Perimeter Guidance manual (PERG), classification of the territorial scope of rules on remuneration and training and competency, and amendments to the Banking Conduct of Business sourcebook (BCOBS) relating to structured products. The FCA has included in PERG guidance in respect of forward FX instruments. Firms providing services in relation to forward FX instruments or trading in these instruments will need to consider whether MiFID II requires them to seek new permissions and passports, as a result of the changes in scope in investment services, financial instruments and exemptions.

6. Updates to fees manual and forms: The FCA is proposing transitional rules for FCA-authorised firms that submit applications for permission or variations of permission under MiFID II before the appropriate charges are in place. On 13 January 2017 the FCA published a MiFID II application and notification user guide, which addresses applications for new authorisation as MiFID investment firms or DRSPs, recognition of investment exchanges, variation of permission and change of legal status and notifications to provide the FCA with regulatory information from firms, recognised investment exchanges and others, including passport notifications. The FCA states that draft applications for FCA solo regulated firms can be submitted to the authorisation gateway from 30 January 2017. The transitional rule will address the period from the point when the FCA starts accepting applications for authorisations related to the changes in MiFID II to the point at which legislation changes to enable it to collect fees for the changes of scope. The FCA also proposed that the fee payable for the application made under the transitional regime will only be payable where the fee for that application is higher than the amount paid for any connected application for activities they already regulate.

7. Forms: The FCA provides feedback on changes to Form A, which were consulted on in CP 16/29. All respondents were in favour of the proposed changes and therefore, the FCA has not made any significant changes to its proposals. In order to minimise complexity, the FCA proposed for prospective MiFID firms coming through the Authorisations Gateway to use the new Form A when they submit information on the proposed appointment of persons who are not members of the management body or do not direct the business.

Next Steps

The deadline for responses to the consultation is 17 February 2017, except for the responses regarding the proposals on fees, for which the deadline is 16 January 2017. As mentioned above, CP 16/43 will be the last FCA consultation paper on the implementation of MiFID II. Should there be any outstanding issues requiring consultation, the FCA will consult on them in quarterly consultation papers. It also aims to publish two policy statements laying out the final rules of the implementation. The first policy statement, which is expected to be published in March 2017, will cover matters consulted on in CP 15/43, while the second one, which is expected in June 2017, will cover all remaining issues. The changes in the FCA Handbook will be finalised in the first half 2017.

MIFID II TRANSACTION REPORTING OBLIGATIONS – NEW FCA WEBPAGE

On 2 December 2016, the FCA published a new webpage on how to obtain a legal entity identifier (LEI) for firms subject to transaction reporting obligations under the revised Markets in Financial Instruments Directive (2014/65/EU) (MiFID II) and the Markets in Financial Instruments Regulation (Regulation 600/2014) (MiFIR).

MiFID investment firms, including, for the purposes of transaction reporting, authorised credit institutions but excluding managers of collective investment undertakings and pension funds, operators of trading venues, and UK branches of third country investment firms will be required to comply with the MiFIR transaction reporting obligations From the implementation of MiFID II/MiFIR on 3 January 2018, such firms will be required to ensure that clients eligible for an LEI have one before executing trades in financial instruments subject to the transaction reporting obligation (including shares, bonds, collective investment schemes, derivatives and emission allowances) on their behalf. The FCA webpage aims to provide guidance for firms and their clients on how to obtain an LEI. LEIs are unique identifiers for persons that are legal entities or structures, including companies, charities and trusts, and the obligation to obtain an LEI has been endorsed by the G20. An LEI, which is a code included in a global data system, enables any legal entity or structure that is a party to a relevant financial transaction to be identified in any jurisdiction. LEIs are available from bodies accredited by the Global Legal Entity Identifier Foundation, or bodies endorsed by the Legal Entity Identifier Regulatory Oversight Committee, as an authorised Local Operating Unit for the allocation of LEIs. The Global Legal Entity Identity Foundation has also introduced the concept of a “registration agent” to assist legal persons to access Local Operating Units. A fee may be applicable for the allocation of an LEI, but that is to be determined by the relevant Local Operating Unit. Firms eligible for an LEI must renew them annually by providing the local operating unit with updated information so that it may verify the data held on the LEI. The FCA webpage also provides a list of Local Operator Units. 

THE IMPLEMENTATION OF MIFID II – PRA APPROACH

As part of the UK implementation of the revised Markets in Financial Instruments Directive (2014/65/EU) (MiFID II) and the Markets in Financial Instruments Regulation (Regulation 600/2014) (MiFIR), the PRA issued a policy statement (PS 29/16) on 27 October 2016, following its first consultation paper (CP 9/16) released on 1 March 2016, and a second consultation paper (CP 43/16) on 25 November 2016, regarding its approach on the implementation process. This article focuses on PS 29/16 and CP 43/16.

Background

MiFID II will take effect from 3 January 2018 and member states must transpose the relevant provisions in national legislation and regulations by 3 July 2017. HM Treasury previously consulted on the changes required to UK legislation in March 2015. The FCA has also consulted on necessary changes to its Handbook across four consultation papers in December 2015, July 2016, September 2016 and December 2016.

PRA policy statement

On 27 October 2016, the PRA issued policy statement PS 29/16 offering feedback to the responses received to its consultation paper (CP 9/16) which was published in March 2016.

The PRA did not consider that the responses received necessitated significant changes to its original proposals contained in CP 9/16. The final rules to transpose MiFID II, regarding the extension of scope and harmonisation of the MiFID passporting regime and the systems and controls for firms who undertake algorithmic trading and provide direct electronic access to trade venues, were set out in the Passporting and the new Algorithmic Trading Part of the PRA Rulebook respectively.

No proposals were received with regard to the changes proposed regarding the passporting regime. The final passporting rules are, therefore, unchanged from CP 9/16 apart from some minor clarifying amendments and a change to the definition of “tied agent”. Two responses were received regarding the proposals on algorithmic trading, which recognised the need for the PRA to introduce rules for algorithmic trading. Algorithmic trading activity on markets outside the European Economic Area (EEA) which would have been in scope of the rules, if these markets were indeed located within the EEA, is now covered by the proposed rules. Concerns were raised by the respondents regarding the scope of the proposed rules, record keeping and the requirements for firms engaged in high frequency algorithmic trading. The respondents requested clarifications with regard to whether the proposed rules on algorithmic trading are applicable for a PRA regulated entity trading on a market outside the EEA.

The PRA decided to remove from its proposals the detailed record keeping requirements on firms engaging in high frequency algorithmic trading, as these requirements would be imposed in parallel to the existing corresponding FCA requirements. The PRA also stated that it is appropriate to provide greater granularity of the records of testing firms’ systems that should be maintained, in order for information relevant to all aspects of the firms’ systems to be provided to the PRA. Some of the respondents stated that the discretion provided by MiFID II to national competent authorities to ask for any information relevant to a firm’s algorithmic trading leads to uncertainty for firms. The PRA clarifies it will separately consult on the matter and determine what constitutes “further relevant information” and what will be required of firms to meet its expectations.

ESMA has consulted on draft regulatory technical standards (RTS) and implementing technical standards relating to both passporting and algorithmic trading under MiFID II. The PRA states that the draft RTS relevant to the rules in PS 29/16 have been adopted by the European Commission. The PRA clarified that should there be no substantial change to the text of the RTS published in the Official Journal of the EU and consequently, no substantive changes to the PRA rules. The PRA will insert the instrument numbers and commence the rules without further consultation to give effect to the text of the final standards adopted by the Commission.

MiFID II requires firms providing direct electronic access to trading venues to their clients to have robust systems and controls in place and, accordingly, the PRA has amended Algorithmic Trading 2.4(3) in order to align more closely with the wording of Article 17(5) of MiFID II, by referring to “appropriate” systems and controls.

PRA second consultation

On 25 November 2016, the PRA published its second consultation paper (CP 43/16) on the implementation of MiFID II and MiFIR. The CP 43/16 proposals aim to enhance governance through MiFID II management body requirements and key organisational requirements which will apply to MiFID and non-MiFID business. The PRA retains the “common platform firm” concept in order to continue to apply a single set of requirements in respect of both MiFID and non-MiFID business of firms.

The main amendments to the PRA Rulebook and supervisory statements as proposed by CP 43/16 are as follows.

First, new PRA rules will be introduced implementing Articles 9 and 16 of MiFID II, relevant to the management body and organisational requirements respectively.

Management body: The management body requirements in MiFID II focus on the effective oversight and control that the management body should have over the activities of firms. The management body is expected to assume clear responsibilities across the business cycle of the firm, including setting strategic objectives, and responsibility for the risk strategy and the internal governance of the firm. The PRA proposed the implementation of the management body requirements, contained in Article 9 of MiFID II, through changes to the General Organisational Requirements and Skills, Knowledge and Expertise Section of the PRA Rulebook.

Organisational requirements: The organisational requirements involve new requirements about the operation of the compliance function, outsourcing and record keeping, including a list of minimum records (Article 16 of MiFID II). The PRA proposed to implement these organisational requirements through changes to the Compliance and Internal Audit, General Organisational Requirements, Outsourcing, Record Keeping and Risk Control Parts in the PRA Rulebook. The extension of the substance of the requirements of the Delegated Regulation on organisation requirements and operating conditions is also proposed by the PRA.

Second, the PRA Rulebook provisions which are being superseded by directly applicable provisions of the Commission Delegated Regulation on organisational requirements and operating conditions (Delegated Regulation) will be removed from the PRA Rulebook.

Third, consequential changes to the PRA Rulebook notes and supervisory statements to update references from MiFID to MiFID II. Consequential amendments will also be made under the General Provisions Part and the Glossary.

Fourth, authorisations will be granted in respect of the MiFID activity of “operation of an organised trading facility (OTF)”, the MiFID financial instruments of “emission allowances” and structured deposits:

New regulated activity and specified instrument: MiFID II will expand the scope of the existing MiFID regime by expanding the scope of regulated MiFID investment services and activities to include “operating an OTF” and adding emission allowances to the list of MiFID financial instruments. Accordingly, implementation of MiFID II requires the introduction of a new regulated activity in the UK of operating an OTF (as MiFID II requires persons operating an OTF to be authorised and regulated by the FCA) and a new specified instrument of an emission allowance (which would expand the scope of existing UK regulated activities, e.g. advising on investments, arranging deals in investments and entering into deals in investments, to cover this new MiFID instrument). These changes will be introduced by changes made to the Financial Services and Markets Act 2000 (Regulated Activities) Order 2001 (RAO) by HM Treasury. Under the existing HM Treasury proposals, dual-regulated firms requiring permission to carry on the new regulated activity of operating an OTF, or any relevant regulated activities in respect of emission allowances, will need to apply for a variation of permission with the PRA using the usual procedure, as the existing HM Treasury proposals do not provide for any form of streamlined or fast-track variation of permission procedure. This means that dual-regulated firms carrying on existing business that is currently unregulated but will become regulated on the implementation of MiFID II will have to go through the usual procedure for a variation of permission with the PRA in respect of such business. In CP 43/16, the PRA proposes that, if the HM Treasury amendments allow the appropriate regulator to process such applications in advance of the MiFID II implementation deadline, dual-regulated firms will be able to submit variation of permission applications to the PRA in advance of 3 January 2018. The PRA’s ability to do this will depend on the final approach adopted by HM Treasury, and the PRA indicates in CP 43/16 that it will provide further information on this point when it issues a final policy statement following the current consultation. 

Structured deposits: MiFID II contains a number of provisions that relate to structured deposits. However, structured deposits have not been added to the wider list of MiFID financial instruments by MiFID II and hence, although the UK is required to ensure that the limited MiFID II provisions relating to structured deposits are implemented and enforced in the UK, there is no strict requirement for the UK to require firms carrying on investment services and activities in respect of structured deposits to obtain authorisation. HM Treasury will however be expanding the scope of four existing UK regulated activities (dealing in investments as agent, arranging deals in investments, managing investments and advising on investments) to cover structured deposits. Unlike with respect to emission allowances however, HM Treasury proposes to include transitional provisions in the amendments to the RAO so that a firm that already has permission to carry on any of those four regulated activities in respect of other specified investments will be deemed to have been granted a variation of permission to cover structured deposits, subject to the firm notifying the appropriate regulator. In CP 43/16, the PRA has indicated that it will require dual-regulated firms to notify it of their intention to follow this transitional approach by completing a form through the PRA website.

The consultation closes on 27 February 2017 and the proposed implementation date for the proposals in this consultation paper is 1 January 2018.

CONSULTATION ON THE FCA’S FUTURE MISSION

On 26 October 2016, the FCA published a consultation on its future approach to pursuing its statutory objectives (Mission Document).

Purpose of the Mission Document

The purpose of the Mission Document is to provide clarity with regard to the FCA’s statutory objectives and its approach to pursuing these objectives. Principally, the FCA’s objective is to ensure that financial markets function well. Given the breadth of this objective, the FCA considers that the Mission Document provides an opportunity to discuss and clearly define its remit and the way it makes decisions. Andrew Bailey, Chief Executive Officer of the FCA, states in the foreword of the Mission Document that “establishing and embedding a clear mission is critical to our success, both as a regulator and to UK financial services as a whole”.

The Mission Document clarifies the FCA’s reasoning about how it regulates firms and how it prioritises areas to focus on. The Mission Document explores the FCA’s approach to ensuring the efficient allocation of resources, and provides a potential framework on how the FCA utilises its tools to pursue its statutory objectives. In a press release published alongside the Mission Document, Mr Bailey stated that the FCA’s mission “will improve accountability and transparency of how and why [the FCA] makes the choices that [it] does”.

Focus of the Mission

Some key areas that the FCA focuses on in the Mission Document include:

Regulatory perimeter: The FCA discusses its regulatory remit and how, in some areas, the lines between regulated and unregulated activities have become blurred. It states that it will prioritise intervening outside the regulatory perimeter when it considers that its statutory objectives are threatened (the FCA can take action against authorised persons in relation to business that is not regulated). The FCA also states that it will be more likely to take an interest in the unregulated activities of an authorised firm if they are illegal or fraudulent, have the potential to undermine confidence in the UK financial system, are closely linked to, or may affect, a regulated activity, or call into question the suitability of the firm.

Protecting consumers: The FCA states that its focus will be on ensuring an appropriate degree of protection for consumers, taking into account the capability of the consumer, the complexity of the product or service and the degree of protection that the FCA can offer.

Vulnerable consumers: The FCA states that part of its role is to protect vulnerable consumers and that some consumer groups may require more protection than others. The FCA states that it will keep those who it deems to be “vulnerable” under review.

Consumer redress: The FCA clarifies that it has a role alongside the Financial Ombudsman Service and the Financial Services Compensation Scheme in ensuring that consumers receive redress via quicker and cheaper routes than the court system. The FCA also states that it will communicate with firms and consumers about redress schemes consistently and regularly.

FCA intervention: The FCA discusses how it defines harm, when it considers intervention is needed, and the role it can play in helping consumers with regard to making decisions (e.g. via “nudges”).

Regulation and public policy: The FCA discusses the role of conduct regulation in relation to emerging issues, such as technological change, and where that role ends and broader public policymaking begins. The FCA also discusses whether rules should be created to specify a “duty of care” for financial service providers in relation to their customers, and whether this would improve the functioning of the financial markets.

Competition and market design: The FCA states that it has a duty to take a more pro-competition approach to regulation and discusses how the setting of standards can impact competition in the market and influence market design. The FCA explains that its market studies help it develop interventions in market design where concerns are identified. It also clarifies that it has investigatory and enforcement powers under the Competition Act 1998 in relation to breaches of competition law.

Enforcement: The FCA states that it uses its enforcement powers with a focus on deterrence. The FCA also states that investigations can help engender public confidence in the financial system, can provide insights and learning for firms, and “good investigations” can make the markets work well. The FCA also explains that it will review the use of “private warnings”, since they do not provide a determination that a breach has occurred and may give the impression that a fair process has not been carried out.

Supervision: The FCA states that part of its role is to ensure that market participants constitute “fit and proper” persons to enter the financial services sector. The FCA also emphasises its pragmatic approach to innovation by highlighting initiatives such as Project Innovate and the Regulatory Sandbox. The FCA states that it will continue to supervise firms’ behaviour, culture, and financial soundness, and explains that it will ensure that when regulated firms fail, these firms exit the market in an orderly way

■ FCA Handbook review: Given that the Mission Document raises some issues which may have implications for the FCA Handbook, the FCA also seeks views regarding a potential review of the FCA Handbook. The FCA states that it wants to be clearer with firms about its expectations and, therefore, seeks to identify changes to the FCA Handbook which would clarify its rules.

Looking ahead

Technological and societal changes are impacting on the sophistication of financial services. The FCA highlights that such changes present challenges for the traditional regulatory model but that technological advances can also be of benefit to regulators. For example, data science offers tools to gather useful information from complex databases. The FCA states that data science can be used to identify firms posing a greater risk of regulatory beach, and may be used to help detect financial crime.

Consultation deadline

The FCA has published a list of questions under Annex 1 of the Mission Document and encouraged stakeholders to respond with their views and any other relevant questions that they believe the FCA’s mission should address. The FCA requests comments by 26 January 2017. Comments can be sent using the form on the FCA’s website (www.fca.org.uk/mission).

Key themes from feedback received so far

On 3 January 2017, the FCA published some key themes from the feedback received in response to the Mission Document. For example, the FCA highlighted that respondents generally want clearer rationale for FCA decisions and also thought that the FCA should adopt a more active role in sharing lessons learned and good practice. The FCA stated that the views of respondents would contribute directly to the development of the FCA’s future mission.

FCA WRITES TO TREASURY COMMITTEE ON REGULATORY LANDSCAPE FOR FINANCIAL SERVICES AND PASSPORTING FOLLOWING BREXIT

On 28 October 2016, Andrew Bailey, Chief Executive Officer of the FCA, wrote a letter to Andrew Tyrie MP, Chairman of the House of Commons Treasury Committee, setting out the FCA’s views on the regulatory landscape for financial services following Brexit, assuming the UK would be treated as a “third country” with market access governed by World Trade Organisation (WTO) rules. The letter addresses passporting and equivalence, the main elements of an “optimal future framework”, the advantages of removing the existing passporting regime and an assessment of the practicalities of improving global standards of regulation following Brexit.

Passporting

Passporting enables a firm that has received certain permissions from its home EEA regulator to provide services on a cross-border basis or establish a permanent presence in other member states without obtaining any further authorisations from the host national regulators. Mr Bailey emphasised that there is no single passport available across all financial services sectors and that a firm would need to seek specific permissions for each cross-border financial service that it intends to provide. He also explained that the option of passporting does not exist in relation to certain types of financial services activity, such as consumer credit, and that some financial services do not require authorisation under EU law.

Mr Bailey highlighted that if the UK leaves the EU and no free trade agreement is agreed, access by the UK financial services sector would be governed by WTO protocols. Accordingly, UK firms would no longer be able to passport on the basis of a single authorisation from the FCA or PRA and entry requirements would generally be determined by the national regulatory regime of each EU member state.

Access for UK financial services firms without passporting rights

Mr Bailey highlighted that, should passporting no longer be available, UK firms may be able to rely on equivalence frameworks or third country passports where available under specific pieces of EU legislation, or, subject to local laws, seek authorisation from the national regulatory authority in each member state in which it intends to do business.

UK firms may be able to rely on equivalence frameworks if the UK’s regulatory regime is deemed to be “equivalent” when compared with the relevant corresponding EU regulatory regime, provided this is permitted under that EU regime (not all EU regulatory regimes provide for third country equivalence recognition). The requirements for determining equivalence often depend on whether the third country’s regulatory regime is deemed to have legally binding requirements, enable effective supervision by authorities, and achieve the same outcomes when compared to the relevant corresponding EU regulatory regime. Mr Bailey also recognised that the third country (i.e. the UK) may also need to offer equal access to EU entities and have cooperation arrangements in place in order to obtain a decision as to equivalence. Mr Bailey emphasised that the process leading to a decision of equivalence can be a lengthy process. For example, the US Commodities and Futures Trading Commission’s regulation of US Central Counter Parties which took over three years to be deemed equivalent to the EU arrangements under the European Market Infrastructure Regulation (Regulation (EU) 648/2012).

Mr Bailey explained that some pieces of legislation, such as the revised Markets in Financial Instruments Directive (Directive 2014/65/EU) and the Alternative Investment Fund Managers Directive (Directive 2011/61/EU), may also allow market access via a third country passport but only for certain types of services.

Mr Bailey indicated that equivalence frameworks generally do not offer the same level of access as passporting or the rights to freedom of movement amongst EU member states under EU law and added that agreements between the EU and third countries regarding equivalence can be withdrawn.

Mr Bailey also said that, in the absence of a determination of equivalence or third country passport, a UK firm may be able to apply for the relevant authorisations from the national regulatory authority of each EU member state to which it seeks access, subject to that member state’s national law.

The “optimal framework”

Mr Bailey clarified that as the UK Government negotiates the UK’s future relationship with the EU, the FCA will work closely with the Government. The FCA’s initial thinking on an “optimal framework” is based on its statutory objectives and would consist of five broad principles: a cross-border market, consistent global standards, cooperation between regulatory authorities, influence over regulatory standards and an opportunity to recruit and maintain a skilled workforce in the UK. Mr Bailey explained that the FCA would seek an arrangement that will maintain market integrity and conduct standards, ensure healthy competition and protect consumers.

Potential advantages

Mr Bailey pointed out some potential advantages for the UK operating outside of the EU. He indicated that the FCA would have the ability to block products from EU members states that it believes may pose a risk to consumers. He also said that the FCA would likely be able to prevent third country firms that have been authorised as a result of inadequate processes from accessing UK consumers via a passport. In addition, Mr Bailey indicated that the UK would have greater flexibility to set rules specifically tailored to the UK domestic market and UK consumers. However, even outside of the EU, the UK’s flexibility may be limited by the need to adhere to shared international standards, such as those set by the Basel Committee on Banking Supervision.

Global standards

Mr Bailey emphasised that the FCA places high importance on the UK remaining actively involved in developing regulatory standards on a global level via international authorities such as the Financial Stability Board. Mr Bailey indicated that the FCA will continue to develop global standards and promote consistency and cooperation between regulatory authorities. He also identified that the UK will continue to be subject to assessments by international bodies, such as the International Monetary Fund.

A need for Brexit clarification

Since receiving Mr Bailey’s letter, Andrew Tyrie MP gave a speech at the Future of the City dinner hosted by DLA Piper on 9 January 2017, in which he expressed the need for the UK Government to provide clarity regarding its approach to Brexit. Specifically, he wanted clarification on whether the UK will seek to remain as a member of the single market or obtain equivalent access, whether the UK will participate in a customs union with the EU and, whether the UK will seek transitional arrangements under Article 50.

FCA FEEDBACK STATEMENT ON CALL FOR INPUT ON APPROACH TO CURRENT PAYMENT SERVICES REGIME

On 15 November 2016, the FCA published a feedback statement (FS 16/12) following its call for input on its approach to its regulation of payment services.

The second Payment Services Directive ((EU) 2015/2366) (PSD2) came into force on 12 January 2016 and the Treasury is responsible for transposing it in UK law by 13 January 2018. In order to reflect these changes to the UK’s payment services regime, the FCA intends to update its Payment Services Approach Document (Approach Document) and chapter 15 of the Perimeter Guidance manual (PERG) of the FCA Handbook. Consequently, a call for input was published on 1 February 2016 in which the FCA sought views on its compliance guidance available to firms. FS 16/12, offers a summary of the feedback received, an overview of the FCA’s response and an outline of the next steps.

Respondents were broadly happy with the current FCA guidance and found it a useful and comprehensive source of information, on both the authorisation process and in respect of the ongoing provision of payment services. Some respondents suggested, however, that additional practical examples and diagrams could be helpful for them to understand more complex areas. Respondents considered that references to new payment types and related technologies should be included in the guidance, including contactless and mobile payments, online and mobile banking, digital currencies and cheque imaging (in particular the extent to which each of these new activities falls within the regulatory perimeter). It was also suggested that the guidance should be updated to reflect developments in the market that have taken place since the FCA’s original guidance was published in 2009.

Respondents also identified specific areas of the guidance that would benefit from further clarity. Such feedback concerned primarily the Approach Document guidance on appointment of agents (chapter 5), passporting (chapter 6), conduct of business requirements (chapter 8), safeguarding (chapter 10) and complaints handling (chapter 11). Respondents also indicated that further clarity would also be appreciated in certain sections of PERG 15.

The Approach Document currently includes references to a number of key pieces of legislation which firms should consider alongside the Payment Services Regulations (PSRs) (the UK regulations that implement the first Payment Services Directive (PSD, 2007/64/EC) into UK law). The FCA acknowledges that there have been a number of relevant regulatory developments since 2009. Respondents suggested that the FCA could update the guidance on payment services to cross refer to relevant parts of the FCA’s Consumer Credit Sourcebook (CONC) and to provide guidance on the changes introduced by the new General Data Protection Regulation, Interchange Fee Regulations, Payment Account Regulations and the Single Euro Payments Area initiative. Respondents also requested more clarity on the interaction between the PSRs and the FCA’s Banking Conduct of Business Sourcebook (BCOBS).

Most of the respondents considered that the Approach Document and the FCA’s approach documents in relation to its regulation of e-money, which are currently two separate documents, should be combined. Respondents indicated that the FCA’s online e-learning module for payment service providers had proved useful and should be updated to incorporate changes to be introduced by PSD2.

In its feedback statement, the FCA committed to considering the feedback and suggestions provided by the respondents to the call for input when developing and updating its existing guidance. In particular the FCA will assess where it can give further practical examples and illustrations in the Approach Document and in PERG. Changes in the market will be taken into account by the FCA to ensure the updated guidance addresses new technologies and business models for providing payment services. It will also combine the two approach documents for payment services and electronic money and update the e-learning module to cover changes to be introduced by the implementation of PSD2, as well as consider how to raise awareness of the module amongst its target audience.

The FCA confirmed that it is working closely with the Treasury, as well as alongside other member states’ competent authorities on a European level to assist the European Banking Authority as it develops guidance and regulatory technical standards required under PSD2. The FCA is also engaging with industry and conducting research to identify the types of firms which may fall within the regulatory perimeter because of PSD2’s revised scope (in particular, two newly defined payment services “payment initiation services” and “account information services” will fall within the scope of regulation from the implementation of PSD2). The FCA intends to launch a consultation on the necessary FCA Handbook changes and updated payment services guidance in 2017, with the intention of publishing the final guidance in advance of January 2018, in order to help payment service providers comply with the revised regime before the provisions of PSD2 come into effect.

UK ENFORCEMENT – SIX INDIVIDUALS SANCTIONED BY THE FCA FOR INVOLVEMENT IN UNLAWFULLY OPERATING UNAUTHORISED COLLECTIVE INVESTMENT SCHEME

On 1 November 2016, the FCA published final notices for six individuals, prohibiting them from any function relating to any regulated activity for unlawfully operating an unauthorised collective investment scheme (CIS). Between July 2008 and November 2011, Scott Crawley, Daniel Forsyth, Adam Hawkins, Ross Peters, Aaron Petrou and Dale Walker were involved in the operation of an unauthorised collective investment scheme through Plott Investments Ltd (which changed its name to Plott UK Ltd), European Property Investments (UK) Ltd and Stirling Alexander Ltd. Salesmen for the companies called potential investors to sell them agricultural land that the companies had bought for minimal amounts as well as land the companies did not own. Using sales scripts, misleading promotional material, and high-pressure sales techniques they lied about the current and future value of the land. People were persuaded to purchase land at a vastly inflated price, on the false promise of a substantial profit. As a result of the scheme, more than 100 investors lost about £4.3 million in total.

The individuals who operated the scheme had received prison sentences totalling more than 30 years. Among the offences that the individuals were convicted for include: breaching, or aiding and abetting the breach of, the general prohibition (the carrying on or purported carrying on of a regulated activity without authorisation or exemption), possessing criminal property, conspiracy to defraud and providing information knowing it to be false or misleading. All of the FCA prohibition orders took effect from 1 November 2016.