BoE 2023 H2 systemic risk survey
The Bank of England has published the results of its latest systemic risk survey looking at firms’ views of risks to, and their confidence in, the stability of the UK financial system.
The key results from the latest survey for H2 of 2023 are:
- Overall confidence remains high: Survey respondents remain confident in the stability of the UK financial system, with a similar level of confidence to 2023 H1.
- Perceived probability of high-impact events decreases: The perceived probability of a high-impact event affecting the UK financial system in both the short term and medium term is lower than judged in the previous survey.
- Cyber attack, geopolitical risk and inflation risk remain top concerns: Cyber attack and geopolitical risks remain the most frequently cited risks among participants.
- The number of participants citing risks associated with a UK economic downturn has continued to increase sharply.
- The number of survey respondents citing inflation risk has slightly increased after having decreased in the previous survey.
- The risk of cyber attack, geopolitical risk and inflation risk are still considered the most challenging for firms to manage by a significant margin.
- Emerging risks: A number of respondents flagged artificial intelligence as posing new risks to financial stability. Meanwhile inflation risk, cyber attack, geopolitical risk and UK downturn-associated risks were cited as being the likeliest to arise in the next period.
Australia consults on new digital assets regulatory framework
The Australian government has launched a consultation aimed at introducing a regulatory framework for digital and crypto asset platforms. The proposed framework would apply to digital asset platforms that present similar risks to entities that operate in the traditional financial system. It therefore proposes to leverage the Australian financial services framework to regulate digital asset platforms to ensure consistent oversight and safeguards for consumers.
The proposal would require digital asset platforms that hold over a certain threshold of Australians assets ($1,500 for an individual; $5 million in aggregate) to obtain an Australian Financial Services Licence. Digital asset platforms would also need to meet all general licence obligations drawn from the Australian financial services law, including:
- providing the financial service efficiently, honestly, and fairly;
- managing conflicts of interest;
- having a dispute resolution system;
- meeting solvency and cash reserve requirements;
- keeping and submitting financial records;
- producing product disclosure statements; and
- monitoring for and disrupting market misconduct.
Trading, staking, tokenisation and fundraising would have additional obligations under the proposal, which closes for comment on 1 December 2023
SRA publishes 2022/23 AML report
The UK’s Solicitors Regulation Authority has published its annual anti-money laundering report for the 2022/23 year.
The report notes that 47 UK law firms were enforced against and fines totalling £137,402 imposed from 23 of those enforcements.
The most common area for breaches were firm-wide AML controls, with over half of the cases involving a failure to have a compliant firm-wide risk assessment (FWRA) in place.
Other common breaches included:
- Poor customer due diligence (CDD), particularly in the buying and selling of property.
- Failure to perform ongoing monitoring of transactions and to undertake source of funds checks.
- Failure to apply enhanced customer due diligence (EDD) and enhanced ongoing monitoring.
- Failure to recognise work that brings the firm into scope of the regulations.
- Failing to have sufficient regard for SRA warning notices, red flag indicators, and sector wide guidance.
The report identified three key themes that contributed to these breaches:
- Inadequate importance placed on having robust and compliant AML risk assessments, policies, controls, and procedures
- Inadequate supervision or training of fee earners on the regulations and on the firm’s policies, controls, and procedures
- Having systems and processes that allow events to happen unchecked, such as receipt of funds or moving to the next stage in the transaction (rather than an automated ‘stop’ being put to a transaction until customer due diligence has been completed)
SEC adopts new rules for short selling and securities loans
The Securities and Exchange Commission (SEC) has adopted a new Rule 13f-2 and related Form SHO, as well as an amendment to the national market system plan (NMS Plan) governing the consolidated audit trail (CAT), to provide greater transparency of short sale-related data.
Rule 13f-2 requires institutional investment managers (Managers) that meet or exceed certain prescribed reporting thresholds to report on Form SHO certain short position and short activity data for equity securities. The SEC will then aggregate and publish certain data collected from Form SHO.
The amendment to the NMS Plan governing CAT requires CAT reporting firms to indicate whether an order is a short sale effected by a market maker in connection with bona fide market making (BFMM) activities for which the BFMM exception in Rule 203(b)(2)(iii) of Regulation SHO is claimed.
The SEC has also adopted final rule 10c-1a on the reporting of securities loans which requires that certain persons report specified information about securities loans to a registered national securities association (“RNSA”), in the format and manner required by the RNSA, and within specified time periods; and that an RNSA make publicly available certain information it receives, within specified time periods, and keep confidential certain information it receives.
Both rules become effective 60 days following publication in the Federal Register.
Equifax fined £11 million
The UK’s financial regulator, the Financial Conduct Authority (FCA), has fined Equifax £11, 164,400 million for failing to manage and monitor the security of UK consumer data it had outsourced to its parent company based in the US.
The breach allowed hackers to access the personal data of millions of people and exposed UK consumers to the risk of financial crime.
The FCA said that Equifax did not treat its relationship with its parent company as outsourcing and failed to provide sufficient oversight of how data it was sending was properly managed and protected.
Equifax also made several public statements on the impact of the incident to UK consumers which gave an inaccurate impression of the number of consumers affected.
The FCA said that regulated financial firms must have effective cyber security arrangements to protect the personal data they hold and that firms are on the hook for data they outsource.
Equifax agreed to resolve the issue and hence qualified for a 30% on the fine imposed. Were it not for this discount, the Authority would have imposed a financial penalty of £15,949,200.
A selected summary of key developments for regulated financial institutions
Access all of our daily regulatory content by using the login button below.
To find out more about how CUBE can help your business click here.