FCA issues PS23/16 on Sustainability Disclosure Requirements (SDR) and investment labels
The FCA has released its policy statement PS23/16 on Sustainability Disclosure Requirements (SDR) and investment labels. PS23/16 includes a set of measures aimed at helping consumers navigate the market for sustainable investment products. The measures include:
- An anti-greenwashing rule for all FCA-authorised firms to ensure that sustainability-related claims are fair, clear, and not misleading. The FCA is also consulting on supporting guidance.
- Naming and marketing rules for investment products to ensure that the use of sustainability-related terms is accurate.
- Four labels to help consumers navigate the investment product landscape and enhance consumer trust.
- Consumer-facing information to provide consumers with better, more accessible information to help them understand the key sustainability features of a product.
- Detailed information targeted at institutional investors and consumers seeking more information in pre-contractual, ongoing product-level, and entity-level disclosures.
- Requirements for distributors to ensure that product-level information (including the labels) is made available to consumers.
The FCA has also published qualitative research conducted by Thinks Insight & Strategy which explores the extent to which consumers understand and support sustainability labels and disclosure information.
FCA consults on prudence of personal investment firms
The Financial Conduct Authority (FCA) has published Consultation Paper CP23/24: Capital deduction for redress: personal investment firms, which sets out proposals to require personal investment firms (PIFs) to be more prudent and set aside capital for potential redress liabilities at an early stage.
More than £760 million has been paid by the Financial Services Compensation Scheme (FSCS) since 2016 and the CP is clear that its proposals are to try to reduce the burden on the FSCS and broader industry. It notes however that around 500 sole trading firms will be exempt from the new proposals. In summary the new proposals would:
- require PIFs to quantify an amount for their potential redress liabilities;
- require PIFs to set aside capital resources for potential redress liabilities through a new capital deduction; and
- require PIFs with potential redress liabilities that fall below their capital requirements to comply with an asset retention requirement.
Separately, the FCA has also issued a Dear CEO letter to PIFs, stressing that they will be monitoring behaviour during the consultation period to ensure that firms do not avoid potential redress liabilities by amending their corporate structures.
The deadline for comments on the consultation is 20 March 2024.
Implementing DORA speech by Gerry Cross
Gerry Cross, Director of Financial Regulation – Policy and Risk at the Central Bank of Ireland and Chair of the Joint European Supervisory Authorities (ESAs) Sub-Committee on Digital Operational Resilience, has been speaking about the implementation of the EU’s Digital Operational Resilience Act (DORA).
He began by asserting that the implementation of DORA remains on track for the January 2025 deadline. DORA involves a two-phase development of implementing regulations. The first phase, covering risk management, simplified risk management, “major incident” classification, and outsourcing regulations, is set to be submitted to the Commission in early 2024. The second phase, including the major incident reporting template, threat-led penetration testing, and managing subcontracting chains, is on track for public consultation in “the coming weeks”.
Cross went on to outline some of the challenges in designing a framework for digital operational resilience, including its cross-sectoral nature, broad incidence, dynamic context, fragmentation, and technical complexity. He noted that DORA is a sophisticated, integrated, comprehensive, and pragmatic approach to these challenges.
Looking at the key features of DORA, Cross noted the following:
- Cross-sectoral and wide-scope: DORA is a comprehensive and cross-sectoral regulation applicable to all financial firms, irrespective of size or complexity.
- Third-party oversight: DORA introduces an oversight regime for third-party services, including cloud providers, facilitating regulators’ oversight of these entities without directly regulating them.
- Urgency: DORA imposes a short timeline for implementation to address the rapidly evolving digital landscape, with regulations to be submitted within 12 to 18 months.
Implementing the new framework
Turning to how the DORA framework is to be implemented, Cross explained how The ESAs, through the sub-committee on DORA, are actively involved in developing regulatory standards for DORA’s implementation. More than 40 competent authorities across Europe are part of this committee, ensuring diverse technical and sectorial expertise.
He noted too a number of guiding principles behind the implementation including the following.
- Momentum: Recognising the urgency of the task, aiming for a strong and timely implementation.
- Pragmatism: Adopting a pragmatic approach to balance complexity and tight timelines.
- Quality: Ensuring the delivery of a high-quality framework.
- Proportionality: Recognising the diverse nature of firms and applying proportionality in the regulatory approach.
- Engagement: Prioritising effective engagement with stakeholders through consultations and events.
Cross then turned his attention to some of the different aspects of DORA outlined above and their implementation plans.
- Information and communications technology (ICT) risk management: DORA encompasses familiar requirements for firms, including the identification, classification, and protection of ICT assets. It brings a focus on outsourcing risk management and concentration risk assessment, putting obligations on firms to establish a register of information for all contractual arrangements on the use of ICT services provided by third-party service providers.
- Operational resilience and threat-led pen testing: DORA emphasises the establishment of comprehensive resilience-testing programs, including threat-led penetration testing for larger financial entities.
- ICT incident reporting: DORA sets expectations for firms to detect, manage, and report ICT-related incidents. Classification criteria and reporting templates are being finalised to facilitate this requirement in the coming weeks. Cross noted that: “many regulated financial entities already have numerous incident reporting requirements, in this case DORA will lessen the burden by having to report one incident under just one obligation.”
- Third-party oversight regime: DORA Establishes an oversight regime for Critical Third Party Providers (CTPPs), involving the designation of critical providers and the creation of Joint Examination Teams (JETs) for oversight. Again, Cross noted that a regulatory technical standard (RTS) on aspects of the conduct of oversight is being finalised for public consultation in the coming weeks. Cross again emphasised the distinction here between oversight of CTPPs and supervision, adding that “it remains the responsibility of regulated financial entities to continue to take full responsibility for their outsourcing activities and to comply with the very significant principles and rules that have been built up in this area over recent years, including now in DORA and its implementing regulation.”
Cross said the first batch of regulatory and technical standards is undergoing finalisation after public consultation, and the second batch is expected to be launched for consultation soon. The development of working arrangements for the Third-Party Oversight Regime, including JETs, is underway.
In summary, the speech provided a detailed overview of the progress, challenges, and focus areas in implementing DORA, emphasising the ambitious and comprehensive nature of the regulatory framework. Compliance teams looking for a snapshot of where DORA is right now, its implications and its implementation would benefit from reviewing the speech.
EBA extends AML/CFT guidelines to CASPs
The European Banking Authority (EBA) has confirmed that it has extended its risk-based anti-money laundering and countering the financing of terrorism (AML/CFT) supervision guidelines to AML/CFT supervisors of crypto-asset service providers (CASPs).
The new guidelines are included in a final report which underscores the significance of collaboration among competent authorities, prudential supervisors, and other stakeholders. The report emphasises the need for a uniform approach in establishing supervisory expectations, especially in cases where multiple competent authorities oversee the same institutions. The report also outlines the various sources of information available to competent authorities when overseeing cryptoasset service providers. Additionally, it details how competent authorities should identify and communicate sector-specific guidance effectively. The report also stresses the crucial role of training to ensure that staff possesses the requisite technical skills and expertise for overseeing crypto-asset service providers and executing their functions effectively.
The new guidelines set clear expectations of the steps supervisors should take to identify and manage money laundering and terrorism financing (ML/TF) risks in CASPs and are an important step forward in the EU’s fight against financial crime.
The new guidelines will apply from 30 December 2024.
HKMA launches faster payments system alert mechanism
The Hong Kong Monetary Authority (HKMA) has introduced the Faster Payment System (FPS) Suspicious Proxy ID Alert, aiming to heighten user awareness of potential fraud risks associated with FPS proxy IDs before transactions.
In collaboration with the Hong Kong Police Force (HKPF), the Hong Kong Interbank Clearing Limited, banks, and stored value facility operators (SVFs), the HKMA has developed the alert mechanism utilising information from the HKPF’s Scameter, an anti-fraud search engine developed by the HKPF. A total of 44 banks and SVFs offering real-time fund transfer services have embraced the initiative.
The mechanism alerts users to high fraud risks if the payee’s FPS proxy ID matches those labelled “High Risk” on Scameter, prompting users to reconsider transactions. Regardless of alerts, users are advised to verify payment details and the payee’s identity before transactions to prevent potential losses.
Participating institutions have integrated this feature into updated mobile banking and e-wallet applications. The initiative marks a significant step towards enhancing the security of financial transactions and protecting users from potential fraud risks.
HKMA publishes research on the benefits of bond tokenisation
The Hong Kong Monetary Authority (HKMA) has published a research report discussing the benefits of bond tokenisation. The report examines recent developments in the tokenised bond market, outlines the efficiency gains, and highlights the impact on bond liquidity.
The report suggests that the adoption of tokenisation in bond issuance could, indeed, enhance the efficiency and liquidity of bond markets. It concludes that policies aimed at expanding the investor base of the tokenised bond market would enable the realisation of the potential benefits of tokenisation.
Bank of America fined $12m
The Consumer Financial Protection Bureau (CFPB) has fined Bank of America $12 million for submitting false mortgage lending information to the federal government.
For four years or more, Bank of America loan officers reported that mortgage applicants had chosen not to respond to certain demographic questions about race, sex and ethnicity when in reality the officers had failed to ask the questions. This was in breach of the Home Mortgage Disclosure Act which requires financial institutions to report demographic data about mortgage applicants.
The CFPB notice highlights the ‘numerous’ other actions it has taken against Bank of America for violating federal law including:
- In July 2023, the CFPB and the Office of the Comptroller of the Currency (OCC) ordered Bank of America to pay more than $200 million for illegally charging junk fees, withholding credit card rewards, and opening fake accounts.
- In 2022, CFPB and OCC ordered Bank of America to pay $225 million in fines and refund hundreds of millions of dollars to consumers for botched disbursement of state unemployment benefits.
- In 2022 Bank of America paid a $10 million penalty for unlawful garnishments of customer accounts.
- In 2014, the CFPB ordered Bank of America to pay $727 million to consumers for illegal and deceptive credit card marketing practices.
HKMA publishes research on the financial stability implications of private equity for emerging market economies
The Hong Kong Monetary Authority (HKMA) has released a research report on the financial stability implications of private equity for emerging market economies.
The report reveals that venture and growth capital (VGC) is the dominant form of private equity in emerging market economies, accounting for 68% of the total. Meanwhile, only around 20% of VGC in the data sample involved debt issuance by the invested firms. Debt issuance is found to have a negative effect on the future financial performance of firms, particularly due to higher leverage.
Overall, the findings suggest that systemic risks stemming from private equity to emerging market economies as a whole may not be particularly high. However, further efforts are needed to close data gaps and assess the financial stability impacts.
A selected summary of key developments for regulated financial institutions
Access all of our daily regulatory content by using the login button below.
To find out more about how CUBE can help your business click here.