PRECISE. PROVEN. PERFORMANCE. www.moorestephens.co.uk Looking back, looking forward An overview of regulation change in 2016/2017 23 January 2017

Agenda

• Introduction

• Looking back at 2016

• Looking forward at 2017 – MiFID II, SM&CR, MLD4

• General Data Protection Regulation

• Insights from a Skilled Person

• Conclusion & questions

Looking back at 2016

Lorraine Bay, Partner

FCA Business plan – 2016/17

Pension

Innovation and technology

Treatment of existing customers

Wholesale financial markets

Firms’ culture and governance

Advice

Financial crime and anti-money laundering

Themes during 2016

SMR

MAR

Wealth Management review

UCITS V

Prudential concerns

Pensions

Consumer Credit

FAMR

What happened in 2016?

Prudential

• COREP thematic review

• Guidance on wind down planning

• CRD IV Pillar 2 summary & stress testing observations

Financial crime

• Market Abuse Regulations (MAR) in force from 3 July 2016

– Broader scope

– New offence

– STORs

• More AML & financial crime s.166s

What should you have done in 2016?

Reviewed & tailored your risk framework & risk matrix

Read the wind down planning guide update

Read the FCA Pillar II & stress testing paper

Ensured consistency between your ICAAP, RRP & wind down plan.

Ensured it’s a document with active senior management engagement.

Conducted gap analysis of compliance with MAR

Ensured all your MAR Compliance documents are up to date

Implemented staff training for MAR’s requirements

Completed a VOP for P2P advising activity if not needed

Looking forward at 2017 – MiFID II, SM&CR, MLD4

Giovanni Giro, Senior Manager

MiFID II

• The Directive (MiFID-2014/65/EU) – this revises and expands the existing directive

• The Regulation, the Markets in Financial Instruments Regulation (MiFIR-2014/600/EU) – this is a binding legislative act, which directly applies across the EU

• ESMA delegated acts and Regulatory Technical Standards

To be implemented on 3 January 2018

Key areas

MiFID II

Commodity Derivatives

High Frequency Trading

Conduct of Business

Market Structure

Organisation

Transparency and Transaction Reporting

MiFID II – effects

• Extended scope

– More types of firms; new operators; additional investment types

• Increased focus on governance

– Management body under scrutiny; product governance

• Transparency

– Pre-trade and post-trade disclosures; costs and charges

• Transaction reporting

– Increased data reporting; near-real time

• Additional client protection

– Suitability and appropriateness; best execution

Organisation

• Additional organisation and governance requirements

• Prohibition on title transfer collateral agreement with retail clients

• Remuneration to prevent conflicts of interest

• Management body to ensure corporate governance arrangements are overseen and assessed regularly

• Induction and training for senior management

• Stress testing of products and services

Conduct of business

• Focus on suitability, appropriateness, conflicts of interest

• Enhanced requirements for the compliance function and the handling of complaints

• Changes to rules on inducements for independent advisers and portfolio managers

• The definition of ‘personal recommendation’ will only exclude recommendations made to the public at large

• Telephone recording

• Best execution

Transparency and transaction reporting

• Clear information on all costs / charges for services and products

• Pre-trade and post-trade transparency regime

• Increased data reporting extended to new products, new data fields, near-real time submission

• Operators of trading venues to report transactions for firms that are not subject to MiFIR

• Compatibility between MiFID II and EMIR reporting

Checklist MiFID II

Determine impact and allocate resource ahead of effective date

Are your activities and investments in scope?

Transaction reporting and sufficient IT capability

Suitability and appropriateness arrangements

Remove 3rd party payments and TTCA with retail clients

Review policies (conflicts of interest, remuneration, best ex)

Update corporate governance arrangements

Training to management body and all staff

Senior Managers & Certification Regime

Responsibilities map

Statement of responsibilities

SM&CR

Senior Managers

Certification Regime

Material risk takers and Approved Persons

Conduct rules

All staff

Senior Managers Regime

• Responsibilities map describing structure, size and complexity of the firm, including management arrangements

• Governance arrangements to confirm individual accountability

• Responsibilities map to reflect actual business and governance

• Individual statement of responsibility from each senior manager

To be extended to all FCA authorised firms in 2018

Certification Regime

• Certification regime requires firms to assess the fitness and propriety of staff in certain roles on inception and annually

• Conduct rules

– Firms to inform all staff that they are subject to conduct rules;

– All relevant employees to be given training on conduct rules that are specific to their role; and

– Notify the FCA of breaches of conduct rules.

Checklist SM&CR

Identify all Senior Managers to be appointed

Draft comprehensive responsibilities map

Review job descriptions

Ensure all functions and responsibilities can be allocated

Establish a culture of governance and code of conduct

Establish regular ‘fit and proper’ reviews

Assess impact of conduct risk

Training to future SMF and Certified Persons

4th Money Laundering Directive

Fourth Anti-Money Laundering Directive (MLD4)

Effective from 26 June 2015

EU Member States to implement by 26 June 2017

UK to update MLR and POCA

New JMLSG guidance

Key changes

Enhanced due diligence (‘EDD’)

Disapplication of EDD to be justified

Unusual transactions (> €10k)

Local Politically Exposed Persons (‘PEP’)

Central register of beneficial ownership

Emphasis on a risk-based approach

Expands beyond EU borders

Checklist MLD4

Run Gap analysis and plan implementation of changes

Financial crime prevention measures in place

Review client on-boarding, CDD and EDD procedures

Are your IT systems able to prevent cybercrime?

Establish risk based approach proportionate to your business

Extend MLD4 standards to group entities based overseas

Review financial crime risk appetite and risk assessment

Training to all staff

Roadmap 2017/18

• MLD 4 – 26 June 2017: Due diligence; Cyber crime; UBO register

• MiFID II – 3 January 2018: Organisation; Transparency; Business conduct

• SM&CR (all firms) – early 2018?: Accountability; Conduct Risk; Governance

General Data Protection Regulation

Steve Williams, Partner

The European Union General Data Protection Regulation (‘GDPR’)

• Replaces the UK Data Protection Act.

• Dubbed the “biggest shake up of data protection laws for 20 years”, businesses around Europe will have until 25 May 2018 to fully comply with the new regulation or face considerable fines.

• The GDPR is designed to strengthen and unify data protection for individuals within the EU. Its primary objective is to give citizens back control of their personal data, along with simplifying the regulatory environment for international companies.

• Although a number of the principles seen in the UK DPA are included within the GDPR and remain unchanged, there are a number of significant changes that organisations need to be aware of and start preparing for in advance of the 25 May 2018 enforcement date.

Five things you need to know

Fines of up to €20 million or 4% of global annual turnover

Places new obligations on data processors as well as controllers

New accountability structure

Privacy by design – privacy has to be embedded in change programmes

Mandatory notification within 72 hours of detecting a privacy breach

What you should be doing now

Conduct analysis against known GDPR requirements

Validate your information and cyber security

Review the information you hold and consents

Check your information supply chains (to make sure they are preparing)

Review policies, procedures and agreements

Insights from a Skilled Person

Andrew Jacobs, Director

Source of regulatory intelligence

Regulatory Insight

Consultation with regulators

Invitation to roundtable sessions

Attending industry events

Published industry information

Collaborations with other professional firms

S166 reviews

Aim of the session

• Provide insights into some of the discrete areas which the regulator focusses on

• Inform your strategy for managing risk and prioritising regulatory change

• Give you clarity on where to focus

Inception of a business relationship

Risk management and compliance

Governance and oversight

Business Model

Inception of a business relationship

• Client / customer on-boarding

• Know your client / know your business

– Suitability

– Appropriateness

– Client classification

– Due diligence on corporate entities and third parties

• Understanding the risks presented by each client

– Source of funds / wealth

– Nature of relationship

– Risk assessment

– Receiver of remittances / payments of any nature

Risk management and compliance

• Three lines of defence

– Responsibilities of each line of defence – clarity

– Independence and robustness of each line of defence

– Tailoring of policies and procedures

• Compliance monitoring

– Transactions monitoring and customer behaviours

– Ongoing review of KYC and risk assessments

– MI from the second line

– Resourcing of compliance teams

– Review of threshold conditions

– Accuracy of regulatory reporting

Governance and oversight

• Governance structures and key individuals

– Clarity of governance structure – apportionment & oversight

– Effectiveness and accountability of committees / groups

– Clarity on terms of reference

– Suitability of role holders to perform their functions – at all levels

– Effectiveness and Independence of NEDs

• Outsourcing

– Oversight and documentation GDPR

• Cohesion of control framework

– How well your controls fit your business

– Responsiveness to FCA intelligence

Business model

• Conduct and culture

• Approach towards risk management

– Risk Appetite, Risk Statement and Risk Assessment

• Financial prudence and risk management

– ICAAP – Risk Management document

– Correlation between risk and stresses noted in ICAAP, wind-down plan & Recovery / Resolution plan

– SREP visit considerations

• Senior Managers and Certification Regime (SM&CR)

– Business structure

• Europe

– Brexit and ESMA

Closing thoughts

“People think that focus means saying yes to the things that you’ve got to focus on. But that’s not what it means at all. It means saying no to the hundred other good ideas that there are. You have to pick carefully.”

Steve Jobs

“Deciding what not to do is as important as deciding what to do”

FOCUS

Conclusion

Lorraine Bay, Partner

Questions or comments?

Future events

• 25 January – Privacy, information & cyber security

• 22 February – MiFID II seminar

• 29 March – SMR seminar

• 26 April – FCA business plan

Helping to keep up-to-date

• Financial Insight – our quarterly newsletter

• E-alerts – subscribe via [email protected]

• Regular seminars

• Follow us on Twitter: @MSFinSec

• Visit our website: www.moorestephens.co.uk/sectors/financial-services
