Global Financial Compliance Ed10 (1)-1-64.pdf

Certificate in Global Financial Compliance Global Financial Compliance Edition 10, July 2022 This learning manual relates to syllabus version 10.0 and will cover exams from 1 October 2022 to 30 September 2024 Welcome to the Chartered Institute for Securities & Investment’s Global Financial Compliance study material. This workbook has been written to prepare you for the Chartered Institute for Securities & Investment’s Global Financial Compliance examination. Published by: Chartered Institute for Securities & Investment © Chartered Institute for Securities & Investment 2022 20 Fenchurch Street London EC3M 3BY Tel: +44 20 7645 0600 Fax: +44 20 7645 0601 Email: [email protected] www.cisi.org/qualifications Author: Dr Natalie Schoon ACSI Reviewers: Alwyn Li, FCCA, CIA, CCSA, CAMS, IOC+ Karl Micallef This is an educational workbook only, and the Chartered Institute for Securities & Investment accepts no responsibility for persons undertaking trading or investments in whatever form. While every effort has been made to ensure its accuracy, no responsibility for loss occasioned to any person acting or refraining from action as a result of any material in this publication can be accepted by the publisher or authors. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise without the prior permission of the copyright owner. Warning: any unauthorised act in relation to all or any part of the material in this publication may result in both a civil claim for damages and criminal prosecution. A learning map, which contains the full syllabus, appears at the end of this workbook. The syllabus can also be viewed on cisi.org and is also available by contacting the Customer Support Centre on +44 20 7645 0777. Please note that the examination is based upon the syllabus. Candidates are reminded to check the Candidate Update area details (cisi.org/candidateupdate) on a regular basis for updates as a result of industry change(s) that could affect their examination. The questions contained in this workbook are designed as an aid to revision of different areas of the syllabus and to help you consolidate your learning chapter by chapter. Workbook version: 10.1 (July 2022) Important – Keep Informed on Changes to this Workbook and Examination Dates Changes in industry practice, economic conditions, legislation/regulations, technology and various other factors mean that practitioners must ensure that their knowledge is up to date. At the time of publication, the content of this workbook is approved as suitable for examinations taken during the period specified. However, changes affecting the industry may either prompt or postpone the publication of an updated version. It should be noted that the current version of a workbook will always supersede the content of those issued previously. Keep informed on the publication of new workbooks and any changes to examination dates by regularly checking the CISI’s website: cisi.org/candidateupdate Learning and Professional Development with the CISI The Chartered Institute for Securities & Investment is the leading professional body for those who work in, or aspire to work in, the investment sector, and we are passionately committed to enhancing knowledge, skills and integrity – the three pillars of professionalism at the heart of our Chartered body. CISI examinations are used extensively by firms to meet the requirements of government regulators. Besides the regulators in the UK, where the CISI head office is based, CISI examinations are recognised by a wide range of governments and their regulators, from Singapore to Dubai and the US. Around 50,000 examinations are taken each year, and it is compulsory for candidates to use CISI workbooks to prepare for CISI examinations so that they have the best chance of success. Our workbooks are normally revised every year by experts who themselves work in the industry and also by our Accredited Training Partners, who offer training and elearning to help prepare candidates for the examinations. Information for candidates is also posted on a special area of our website: cisi.org/candidateupdate. This workbook not only provides a thorough preparation for the examination it refers to, it is also a valuable desktop reference for practitioners, and studying from it counts towards your Continuing Professional Development (CPD). Mock examination papers, for most of our titles, will be made available on our website, as an additional revision tool. CISI examination candidates are automatically registered, without additional charge, as student members for one year (should they not be members of the CISI already), and this enables you to use a vast range of online resources, including CISI TV, free of any additional charge. The CISI has more than 40,000 members, and nearly half of them have already completed relevant qualifications and transferred to a core membership grade. You will find more information about the next steps for this at the end of this workbook. The International Regulatory Environment................... 1 1 The Compliance Function.............................. 59 2 Managing the Risk of Financial Crime....................... 93 3 Ethics, Integrity and Fairness............................ 127 4 Governance, Risk Management and Compliance................ 167 5 Appendices....................................... 203 Glossary......................................... 225 Multiple Choice Questions.............................. 233 Syllabus Learning Map........................................ 269 It is estimated that this manual will require approximately 100 hours of study time. What next? See the back of this book for details of CISI membership. Need more support to pass your exam? See our section on Accredited Training Partners. Want to leave feedback? Please email your comments to [email protected] Before you open Chapter 1 We love a book!...but don’t forget you have been sent a link to an ebook, which gives you a range of tools to help you study for this qualification Depending on the individual subject being studied and your device, your ebook may include features such as: Watch video clips Read aloud A A Adjustable text size allows Pop-up definitions related to your function* you to read comfortably syllabus on any device* Highlight, bookmark Images, tables and Links to relevant End of chapter questions and make animated graphs websites and interactive multiple annotations digitally* choice questions * These features are device dependent. Please consult your manufacturers guidelines for compatibility The use of online videos and voice functions allowed me to study at home and on the go, which helped me make more use of my time. I would recommend this as a study aid as it accommodates a variety of learning styles. Find out more at cisi.org/ebooks Billy Snowdon, Team Leader, Brewin Dolphin ebook bw 18.indd 1 02/10/2018 12:01:33 1 Chapter One The International Regulatory Environment 1. Models of Regulation 3 2. The International Approach to Regulation 34 This syllabus area will provide approximately 20 of the 100 examination questions 2 The International Regulatory Environment 1. Models of Regulation 1 1.1 Objectives and Benefits of Regulation Learning Objective 1.1.1 Understand the objectives and benefits of regulation Effective capital and financial markets are an essential part of the economy. They fuel economic development and aid wealth creation. Confidence and trust in these markets are vital. Loss of confidence and trust can result in the failure of financial companies and have an adverse impact on the economy. This can, among others, result in recession, loss of jobs and income, reduction of the value of investments, reduction in market capitalisation of companies, and defaults on loans. The near collapse of large financial institutions during the 2007–08 financial crisis had a global impact and the subsequent bailout of the banks, reduction in government spending and increase in taxes has had a far-reaching impact on individuals and corporations. As the Basel Committee for Banking Supervision (BCBS) notes in their corporate governance principles, banks and, by extension, financial markets play a crucial role in the economy by intermediating funds from savers and depositors to activities that support enterprise and help drive economic growth. Their safety and soundness are critical to financial stability, and therefore, corporate governance. Thus, rules and codes of conduct are of the utmost importance to protect investors and the general public. Although the development of such rules and the extent to which they are enforced still varies from country to country, the development of global financial markets depend on an agreement on standards of behaviour and mechanisms for dispute resolution. These standards, rules and codes of conduct can be established through self-regulation of the industry, or by means of a statutory approach where governments provide enabling legislation and establish statutory-based regulatory authorities. Integrity and ethical behaviour are a key part of any code of conduct. As a result of the financial crisis, integrity and ethical behaviour has experienced renewed focus from professional bodies, governments and regulators. As financial markets have become increasingly global in nature and interdependence has grown, the financial sector has moved from self-regulation to a statutory approach. This has facilitated international cooperation and the development of improved and common standards. Regulation has also been used to restrict the ability of criminals and terrorists to use the financial system to their advantage, and to aid enforcement and intelligence agencies to identify criminal activity. Again, this has developed from purely domestic initiatives to major international efforts to reduce crime related to financial services. These crimes include money laundering (ML), fraud and tax evasion. The objectives and benefits of regulation can be summarised as: increase in confidence and trust in financial markets, systems and products establish an environment to encourage economic development and wealth creation reduce the risk of market and system failures, including their economic consequences enhance consumer protection, giving them the reassurance they need to save and invest, and reduce financial crime by ensuring financial systems cannot easily be exploited. 3 1.2 Law and Regulation Learning Objective 1.1.2 Know the interaction between law and regulation The objectives and benefits of regulation are typically achieved through a combination of laws and regulations. Law – the principles and regulations established in a community by an authority and applicable to the people. Laws can be a combination of legislation, custom, and policies recognised and enforced by judicial decision. When a person is found guilty of breaking the law, they are typically punished with a reprimand, a prison sentence and/or a penalty. Financial services legislation provides the structural framework for the sector itself, as well as the products it offers. In the UK, for example, key legislation includes the Financial Services and Markets Act 2000 (FSMA), which sets out the UK’s regulatory structure, and multiple Finance Acts which contain provisions related to taxes, duties, exemptions and reliefs. National and international laws regarding the prevention of money laundering and terrorist financing (ML/TF), tax and other financial services-related crimes will be incorporated into the appropriate regulations relevant to the structuring of banking or other financial products or customer advice. Regulation – combination of rules and standards generally covering matters such as observing proper standards of market conduct, managing conflicts of interest, treating customers fairly, ensuring the suitability of customer advice, and ensuring stability of the financial system. Compliance laws, rules and standards have various sources, including: primary legislation rules and standards issued by legislators and supervisors market conventions codes of practice promoted by industry associations or professional bodies, and internal codes of conduct applicable to the staff members of financial institutions. Industry and internal codes are likely to go beyond what is legally binding and embrace broader standards of integrity and ethical conduct. 4 The International Regulatory Environment 1.3 Rules-Based and Principles-Based Approaches 1 Learning Objective 1.1.3 Understand the main differences between rules-based and principles-based approaches to financial regulation When drafting regulation, regulators make a choice between rules-based and principles-based regulation. Rules-based – rules-based regulations are mainly prescriptive procedures including very detailed rules. These rules specify exactly what individuals and firms must do to ensure they comply. A rules- based approach requires strict adherence to precise rules with little allowance for interpretation. It is typically inflexible and may result in a tick-box exercise. Principles-based – principles-based regulations focus on the spirit of the rules and, therefore, the types of behaviour and outcomes. Unlike the rules-based approach, it is not about blindly following the rules. A principles-based approach acts as a fundamental source of guidance on how firms and individuals are expected to act. How individuals and firms ensure they comply with the regulations, and to what extent the principles are met, is their own responsibility. A rules-based approach must be sufficiently detailed in order to provide a reliable distinction between right and wrong. Maintaining a comprehensive rules-based model is challenging, particularly in evolving markets with an increase in the use of technology, and a wider range of products and assets. A broader and more complicated market requires a larger body of rules which take into account evolving business activities. The challenge faced by regulators with a principles-based approach is ensuring that firms apply consistent interpretations to their implementation of the principles. Some firms and compliance officers prefer a rules-based approach because they know exactly what is expected of them, and they cannot be challenged or criticised as long as they strictly follow the rules. Others prefer a principles-based approach because it provides scope for innovation and the freedom to develop services and business models within the framework of the principles. The success of a principles-based approach depends on firms and individuals making the right decisions. Strong ethical standards, often set by professional bodies like the Chartered Institute for Securities & Investment (CISI), play a key role in a principles-based regulatory environment (see chapter 4, Ethics, Integrity and Fairness). Since 2001, the UK’s financial regulators have applied a combination of principles- and rules-based approaches. The Financial Conduct Authority (FCA) has actively reduced prescriptive rules by adopting a more principles-based approach. One of the results of the 2008–09 financial crisis is that principles-based decision making is deemed to have failed, leading to a greater focus on the specific outcomes expected by rules-based regulation. The demand for stricter rules is a natural political reaction to a crisis, and principles-based decision making will remain important. 5 1.4 Models of Self-Regulation Learning Objectives 1.1.4 Understand models of self-regulation 1.1.5 Understand the regulation of faith- and ethical-based finance and the attendant regulatory implications Self-regulation is a situation in which groups or industries mutually agree the rules that will govern their own collective behaviours. It exists in addition to laws or regulations established by governments or regulatory bodies. In some cases, self-regulation develops because there is no regulation in place. While self-regulation measures must operate within the parameters of national laws, strong self-regulation can reduce the need for, or extent of, state regulation. In the financial sector, self-regulation is typically a unique combination of private interests with government oversight, which has delivered an effective and efficient form of regulation for the complex and dynamic environment. As stated in a report by the International Organization of Securities Commissions (IOSCO) on Objectives and Principles of Securities Regulation: ‘Self-regulatory organisations (SROs) can be a valuable component to the regulator in achieving the objectives of securities regulation’. The adoption of self-regulation differs from country to country, across market sectors and across developed and emerging markets. Where its role is significant, it is almost always the result of a long track record of responsible behaviour under the oversight of statutory regulators. That relationship with statutory regulators has permitted SROs to contribute to the quality of regulation and to the content of policy in the public interest. The broad objectives of self-regulation in financial markets are the same as those identified for government regulation in the IOSCO Objectives and Principles of Securities Regulation to: preserve market integrity (fair, efficient and transparent markets) preserve financial integrity (reduce systemic risk), and protect investors. Many different forms of self-regulation currently exist for financial markets to achieve these objectives such as: industry SROs exchange self-regulatory frameworks, and private associations. All of these define and encourage adherence to standards of best practice among their participants. Self-regulation typically focuses on oversight of the market itself, qualification standards for market intermediation and oversight of the business conduct of intermediaries. Business conduct of intermediaries include their relationship with their client market users. A single SRO may be responsible for all of these tasks, or they may be divided or shared among SROs within a given country or market sector. 6 The International Regulatory Environment Some approaches may be applied purely within the organisation, such as ethical-based finance. A 1 firm may hold strong principles that guide its investment policies (eg, avoidance of sectors such as weaponry or tobacco). A firm might also choose to market itself according to ethical positions because it meets their values, or to attract certain customers. While there may be no specific independent party overseeing such practices, a firm that publicly takes a moral position must ensure its reputation is secure. 1.4.1 Key Elements of an Effective Self-Regulatory Model The elements which contribute to an effective self-regulatory model include the following: Industry-specific knowledge – important given the complexity of markets and products. Industry motivation – business incentive to operate a fair, financially sound and competitive marketplace. Reputation and competition are powerful motivating forces for sustained behaviour. Contractual relationship – this can go beyond national boundaries and require ethical standards that go beyond government regulations. Transparency and accountability – an SRO’s compliance programme should be transparent and accountable to ensure that SROs follow professional standards of behaviour on matters including confidentiality and procedural fairness. Such transparency can occur in different ways, including making SRO rules accessible to the public in printed or digital form, and by publicising significant disciplinary actions taken by an SRO and through educational outreach programmes. The inclusion of both public representatives and industry professionals on an SRO’s governing body and public participation in deliberations pertaining to regulatory policy and rulemaking can also provide the foundation for an open organisation. In some jurisdictions, SROs prepare regulatory plans that are submitted to their statutory regulator and made available to the public. These regulatory plans describe the SRO’s regulatory objectives, activities for the year, and a cost forecast. Flexible SRO compliance programmes – self-regulatory bodies are generally able to modify their rules quicker than government agencies. This is due to their experience and expertise in the industry, their size, and because they are not subject to the more rigid requirements typically imposed on the rulemaking process of statutory regulators. Coordination and sharing information – coordination and information sharing between markets is important to address cross-market issues. A coordinated approach is necessary to address potential market abuse or systemic risk concerns that may impact more than one market. In 2000, a report by IOSCO’s SRO Consultative Committee (Model for Effective Regulation) indicated that an SRO’s common regulatory practices and objectives should include: enforcing rules and regulations through investigations and disciplinary action conducting financial/operations and sales practice examinations conducting fitness screening for access to marketplace handling customer complaints having surveillance programmes to detect improper conduct sharing information and cooperating with other SROs, and providing a dispute resolution forum. An integral component of many SRO compliance programmes is the development of guidebooks and other educational materials to help their members meet their regulatory responsibilities. 7 An example of self-regulation is the use of the International Swaps and Derivatives Association (ISDA) Master Agreement. ISDA is a membership association established in 1985 with the aim of fostering a safe and efficient derivatives market to facilitate effective risk management for all users of derivatives products. Members of ISDA agree to use the ISDA Master Agreement and associated documentation as a basis for derivative transactions. Members benefit from the netting provisions, which enable firms to net their exposures with each other. As a result, the transactions are legally treated as a single transaction with a single net value. 1.4.2 Islamic Finance Adoption of Self-Regulation Some forms of self-regulation are established to reflect wider principles, for example, principles associated with religious observance. An example of faith- and ethical-based regulation is the Islamic finance industry, which is regulated by a combination of self-regulatory bodies and statutory regulation in the countries in which they operate. Islamic commercial and financial ethics stem from the principles of Shariah (also referred to as Islamic law) which includes the major prohibitions of riba (interest), gharar (unnecessary uncertainty) and maysir (gambling). All values, standards and rules structuring Islamic commercial and financial ethics are outlined in Shariah, which is best characterised as a framework providing legal, moral and spiritual guidance aimed at achieving the goals of Islam. Similar to other financial institutions, Islamic financial institutions are authorised and supervised by the regulatory authority in their country of incorporation. In addition, the following two self-regulating bodies have been established: The Accounting and Auditing Organization for Islamic Financial Institutions (AAOIFI). The Islamic Financial Services Board (IFSB). AAOIFI is an autonomous body responsible for the formulation and issuance of accountancy, auditing ethics, governance and Shariah standards for the international Islamic banking and finance industry. The standards have been developed to encourage the harmonisation of Islamic banking and finance practices, and to ensure transparency and uniformity of financial reporting by Islamic banks and financial institutions. The IFSB is an international standard-setting organisation with a mission to promote and enhance the soundness and stability of the Islamic financial sector by issuing global prudential standards and guiding principles for the industry, broadly defined to include banking, capital markets and insurance sectors. The IFSB standards are mainly based on the identification, management and disclosure of risks relevant to Islamic products and operations. Full members of the IFSB are typically central banks in countries where Islamic financial institutions are incorporated. These countries are invited to apply the (optional) IFSB standards in order to provide a comparable regulated environment for the Islamic financial sector. The standards are mandatory in some countries, such as Bahrain and Sudan, and are used as guidelines in others. From the perspective of financial institutions, Shariah compliance can be achieved in various ways including by adopting national regulation, or by the voluntary adoption of Shariah-compliant standards through the directives and resolutions of the firms’ internal Shariah boards. 8 The International Regulatory Environment 1.5 Extra-Territorial Reach of Legislation 1 Learning Objective 1.1.6 Understand the purpose of the following: Data Protection, eg, GDPR; Tax Reporting, eg, CRS, FATCA; Banking Reform, eg, ICB, Dodd-Frank; Market Integrity, eg, MiFID II, MiFIR, MAR, EMIR, PSD2, Sarbanes Oxley, CSDR; Financial Crime, eg, UK Bribery Act, FCPA, AMLD As the financial sector is international, many regulations and laws have application beyond national borders. Compliance officers need to be aware and understand the potential impact of such legislation. The regulations outlined in the remainder of this section are EU regulations which are implemented across the EU by individual member states. These also form the basis for the implementation of similar rules in countries outside the EU, amended to cater for specific local circumstances. The UK, for example, has adopted the main provisions of EU financial laws into UK legislation since its withdrawal from the EU on 1 January 2021. However, the UK has also made changes, such as the lowering of the age of consent for GDPR from 16 to 13 years, and the exemption from the MiFID inducement rules for research on SME issuers. Other deviations may happen over time. 1.5.1 Data Protection (GDPR) The EU General Data Protection Regulation (GDPR) was enforced on 25 May 2018 and replaced the Data Protection Directive. The GDPR is designed to harmonise data privacy laws across Europe to protect EU citizens from privacy and data breaches in an increasingly data-driven world that is vastly different from the time in which the 1995 directive was established. Although the key principles of data privacy still hold true to the previous directive, many changes have been proposed to the regulatory policies; the key points of the GDPR, as well as information on the impacts it will have on business can be found below. Increased Territorial Scope (Extra-Territorial Applicability) The biggest change to the data privacy regulations due to GDPR is the extended jurisdiction. GDPR applies to all companies processing the personal data of data subjects residing in the European Union (EU), regardless of the company’s location. Previously, territorial applicability of the directive was ambiguous and referred to as data processing 'in context of an establishment'. This topic has arisen in a number of high-profile court cases. The GDPR makes its applicability very clear – it will apply to the processing of personal data by controllers and processors in the EU, regardless of whether the processing takes place in the EU or not. The GDPR also applies to the processing of personal data of data subjects in the EU by a controller or processor who is not based in the EU, where the activities relate to: offering goods or services to EU citizens (irrespective of whether payment is required) and the monitoring of behaviour that takes place within the EU. Non-EU businesses processing the data of EU citizens have to appoint a representative in the EU. Penalties Under GDPR, organisations in breach of the GDPR can be fined up to 4% of the annual global turnover of the previous financial year or €20 million (UK – £17.5 million), whichever is greater. This is the maximum fine that can be imposed for the most serious infringements, eg, not having sufficient customer consent to process data or violating the core of privacy by design concepts. 9 There is a tiered approach to fining, eg, a company can be fined 2% for not having their records in order (Article 28), not notifying the supervising authority and data subject about a breach or not conducting impact assessment. It is important to note that these rules apply to both controllers and processors – meaning 'clouds' are not exempt from GDPR enforcement. Consent The conditions for consent have been strengthened, and companies are no longer able to use long illegible terms and conditions full of legalese. The request for consent must be given in an intelligible and easily accessible form, with the purpose for data processing attached to that consent. It must be clear and separate from other matters using clear and plain language. It must be as easy to withdraw consent as it is to give it. Data Subject Rights Breach Notification Under GDPR, breach notification is mandatory in all member states where a data breach is likely to 'result in a risk for the rights and freedoms of individuals'. This must be done within 72 hours of first having become aware of the breach. Data processors are required to notify their customers, the controllers, 'without undue delay' after first becoming aware of a data breach. Right to Access Part of the expanded rights of data subjects outlined by the GDPR is the right for data subjects to obtain from the data controller confirmation as to whether or not their personal data is being processed, where and for what purpose. Furthermore, the controller must provide a copy of the personal data, free of charge, in an electronic format on request. Right to be Forgotten Also known as 'data erasure', the right to be forgotten entitles the data subject to have the data controller erase their personal data, cease further dissemination of the data, and potentially have third parties halt processing of the data. The conditions for erasure, as outlined in Article 17, include the data no longer being relevant to the original purpose for processing, or a data subject withdrawing consent. It should also be noted that this right requires controllers to compare the subjects' rights to 'the public interest in the availability of the data' when considering such requests. Data Portability The GDPR has introduced data portability – the right for a data subject to receive the personal data concerning them, which they have previously provided in a 'commonly used and machine-readable format' and have the right to transmit that data to another controller. Privacy by Design Privacy by design as a concept has existed for years now, but has become part of a legal requirement with the GDPR. At its core, privacy by design calls for the inclusion of data protection from the onset of the designing of systems, rather than as an addition. 10 The International Regulatory Environment More specifically: 1 'The controller shall...implement appropriate technical and organisational measures...in an effective way...in order to meet the requirements of this Regulation and protect the rights of data subjects'. Article 23 calls for controllers to hold and process only the data absolutely necessary for the completion of its duties (data minimisation), as well as limiting the access to personal data to those needing to carry out the processing. Data Protection Officers (DPOs) Under GDPR, notifications/registrations no longer need to be submitted to each local Data Protection Authority (DPA) of data processing activities. It is also no longer a requirement to notify/obtain approval for transfers based on the model contract clauses (MCCs). Instead, there are internal record-keeping requirements, as further explained below, and the appointment of a data protection officer (DPO) is mandatory only for those controllers and processors whose core activities consist of processing operations which require regular and systematic monitoring of data subjects on a large scale or of special categories of data or data relating to criminal convictions and offences. Importantly, the DPO: must be appointed on the basis of professional qualities and, in particular, expert knowledge on data protection law and practices may be a staff member or an external service provider contact details must be provided to the relevant DPA must be provided with appropriate resources to carry out their tasks and maintain their expert knowledge must report directly to the highest level of management, and must not carry out any other tasks that could result in a conflict of interest. 1.5.2 Banking Reform Independent Commission on Banking (ICB) The Independent Commission on Banking (ICB) was a UK government inquiry set up to investigate structural and related non-structural reforms to the UK banking sector to promote financial stability and competition in the wake of the financial crisis of 2007–08. The ICB was established in June 2010 and produced their recommendations in September 2011. The consequences of their findings and recommendations are far-reaching and have resulted in UK banks ring-fencing their retail operations from the investment banks to safeguard the retail banks from the riskier activities. The ICB recommendations have been implemented as of 1 January 2019, effectively creating separate legal entities for retail and investment banking activities. Dodd-Frank The Dodd-Frank Act is the result of a proposal by President Obama in June 2009 for a: ‘sweeping overhaul of the United States financial regulatory system, a transformation on a scale not seen since the reforms that followed the Great Depression’. 11 The Dodd-Frank Act includes: consolidation of regulatory agencies, elimination of the national thrift charter, and a new oversight council to evaluate systemic risk comprehensive regulation of financial markets, including increased transparency of derivatives (bringing them on to exchanges) consumer protection reforms including a new consumer protection agency and uniform standards for ‘plain vanilla’ products as well as strengthened investor protection tools for financial crises, including a ‘resolution regime’ complementing the existing Federal Deposit Insurance Corporation (FDIC) authority to allow for an orderly winding down of bankrupt firms, and including a proposal that the Federal Reserve receive authorisation from the Treasury for extensions of credit in ‘unusual or exigent circumstances’, and various measures aimed at increasing international standards and cooperation – included in this section were proposals related to improved accounting and tightened regulation of credit rating agencies. The objective of the Dodd-Frank Act is to promote the financial stability of the US by improving accountability and transparency in the financial system, to end ‘too big to fail’, to protect the American taxpayer by ending bailouts, to protect consumers from abusive financial services practices, and for other purposes. The Act has changed the existing regulatory structure, by creating a number of new agencies, whilst merging and removing others in an effort to streamline the regulatory process, increase oversight of specific institutions regarded as a systemic risk, amend the Federal Reserve Act and promote transparency. The Act: established rigorous standards and supervision to protect the economy and American consumers, investors and businesses ended taxpayer-funded bailouts of financial institutions provided for an advanced warning system on the stability of the economy created rules on executive compensation and corporate governance, and eliminated the loopholes that led to the economic recession. The new agencies are granted explicit power over a particular aspect of financial regulation which may have been transferred from an existing agency. All agencies need to report to Congress on an annual (or biannual) basis, presenting the results of current plans and to explain future goals. Prior to the passage of the Dodd-Frank Act, investment advisers were not required to register with the Securities and Exchange Commission (SEC) if they had fewer than 15 clients during the previous 12 months and did not hold themselves out generally to the public as an investment adviser. The Dodd-Frank Act has eliminated that exemption. Certain non-bank financial institutions are now supervised by the Federal Reserve in the same manner and to the same extent as if they were a bank-holding company. To enhance the regulatory system, changes have been proposed to existing agencies, including new powers and the transfer of powers to and from them. The institutions affected by these changes include most of the regulatory agencies currently involved in monitoring the financial system (eg, the FDIC, the SEC, Comptroller of the Currency, the Federal Reserve and the Securities Investor Protection Corporation (SIPC)). The Act impacts all US federal financial regulatory agencies and has eliminated the Office of Thrift Supervision, creating two new agencies: the Financial Stability Oversight Council (FSOC) and the Office of Financial Research (OFR). In addition, the Act has introduced several consumer protection agencies, including the Bureau of Consumer Financial Protection. 12 The International Regulatory Environment 1.5.3 Market Integrity 1 Markets in Financial Instruments Directive (MiFID II) and the Markets in Financial Instruments Regulation (MiFIR) Markets in Financial Instruments Directive (MiFID) is a European Union (EU) directive introduced in 2007. MiFID II, the updated version, came into force on 3 January 2018. Markets in Financial Instruments Regulation (MiFIR) is the associated regulation. One of the key aims of MiFID is to provide investor protection rules across the whole European Economic Area (EEA). Investor protection is ensured by the: obligation to obtain the best possible result for the client information disclosure requirements client-specific rules on suitability and appropriateness of financial products, and rules on inducements. As a general principle, MiFID places significant importance on the fiduciary duties of firms. It established a general obligation for firms to act in the client’s best interest, placing a fiduciary duty on firms to put their client’s interests ahead of the firm’s interest. Passporting MiFID supports two key policy goals of the EU. These are: extending the range of investment services for which a firm can obtain an EU ‘passport’ (ie, obtaining authorisation in one EU state – the home state – enabling a firm to provide investment services in another EU member state – the host state – without requiring any further local authorisations), and removing a major hurdle to cross-border business by no longer applying ‘host state’ rules to incoming passported firms. The range of investment services passportable under MiFID includes: receipt and transmission of orders in relation to one or more financial instruments execution of orders on behalf of clients dealing on own account portfolio management investment advice underwriting of financial instruments and/or placing of financial instruments on a firm commitment basis placing of financial instruments without a firm commitment basis, and operation of multilateral trading facilities (MTFs). The directives are binding on member states in terms of the result to be achieved but provide individual countries with the flexibility to implement the rules in their own national legal systems as they see fit. In the UK, for example, when implementing EU regulations, the FCA conducts a cost/benefit analysis on the implementation to assess the most appropriate way to proceed. 13 Areas for consideration include: ensuring that market innovation is not stifled protecting and, where possible, enhancing the international character of the UK’s financial markets, and considering the impact of any regulation on the competition. Prior to making any changes, the FCA publishes the proposed rules and guidance in draft for consultation. Consultation papers (CPs) are the formal means by which this consultation takes place. Discussion papers (DPs) are preliminary and informal discussion-stimulating papers. These papers give the various representative industry bodies an opportunity to respond to the proposals from the perspective of their impact on the risk management and control frameworks of their member firms. Once the consultation is concluded, the FCA takes into consideration all responses and issues a policy statement (PS), which details the decided policy and contains the feedback from the formal consultation. As EU regulatory institutions gain more power, they have produced more detailed rules to support the implementation of EU directives. As a result, the ability of national regulators to interpret the directive differently and, therefore, the scope for regulatory arbitrage is reduced. Choosing a location because of a more lenient local interpretation of the directive is no longer an option. MiFID II is an example of increased standardisation, as it is aimed at standardising areas such as product governance, suitability and appropriateness, and the disclosure of costs and charges. Market Abuse Regulation (MAR) The EU Market Abuse Regulation (MAR) came into force on 3 July 2016. It applies to: a. financial instruments admitted to trading on a regulated market or for which a request for admission to trading on a regulated market has been made b. financial instruments traded on an MTF, admitted to trading on an MTF, or for which a request for admission to trading on an MTF has been made c. financial instruments traded on an organised trading facility (OTF), and d. financial instruments not covered by points (a), (b) or (c), the price or value of which depends on or has an effect on the price or value of a financial instrument referred to in those points, including, but not limited to, credit default swaps and contracts for difference. MAR includes behaviour or transactions, including bids, relating to the auctioning on an auction platform authorised as a regulated market of emission allowances or other auctioned products based thereon, including when auctioned products are not financial instruments. MAR incorporates the following European Securities and Markets Authority (ESMA) guidelines: Inside information of commodity derivatives, including that information which is reasonably expected or required to be disclosed on relevant commodity derivative and spot markets. Delay disclosure of inside information. Market soundings detailing the factors, steps and appropriate records required to be taken into consideration when information is disclosed as part of the sounding regime. MAR includes the requirements for disclosure of emission allowances, and the need to maintain an insider list for emission allowances, market participants and parties involved in relevant auctions. 14 The International Regulatory Environment Inside information is information that would be likely to have a significant effect on the price of financial 1 instruments or issuers if it were to be made public. Financial instruments include spot commodity contracts, emission allowances, and related auction products. The use of inside information to execute a transaction, or to amend or cancel an existing transaction constitutes insider dealing. In addition, persons who possess inside information are prohibited from using that information to (or attempt to) deal in financial instruments or to recommend or induce another person to transact on the basis of inside information. Firms need to maintain a register of insiders. Issuers and emission allowance market participants (EAMPs) need to publicly disclose any inside information which has been (in)directly made available to them as soon as possible. Disclosure may be delayed if it is in the interest of financial stability. The appropriate financial regulator needs to be informed immediately after the decision to delay the disclosure of inside information has been made. A firm does not have to provide a written explanation of how the conditions for delayed disclosure are met but will need to keep appropriate records which will have to be made available to the regulatory authority on demand. MAR introduces a framework to make legitimate disclosures of inside information in the course of market soundings. A market sounding is a communication or information that is disclosed to one or more investors prior to the announcement of a transaction. The purpose of a market sounding is to assess the interest of potential investors in relation to the transaction, potential size, and pricing. Market manipulation covers any activity that gives or may give false or misleading signals about the demand, supply, or price of a financial instrument, thus impacting trading in the instrument in a way intended by the person. Market manipulation can take forms such as: false or misleading signals resulting from transactions, orders, trades, or any other behaviour using fictitious devices or other deceptions likely to affect the price false or misleading signals resulting from disseminating information, and collaboration to secure a dominant position over demand and supply, creating unfair trading conditions, and other similar behaviours. Buy-back programmes and stabilisation measures may be exempt from the prohibitions against market abuse. Firms will have to notify their regulatory authority prior to undertaking these transactions. Persons discharging managerial responsibilities (PDMRs) within issuers or EAMPs, and persons closely associated with them, must notify their regulatory authority and the issuer or EAMP of relevant personal transactions they undertake in the issuer’s shares, debt instruments, derivatives or other linked financial instruments, if the total amount of transactions per calendar year has reached €5,000. The notification must be made public within three business days. In addition, PDMRs are prohibited from conducting certain personal transactions during a closed period. European Market Infrastructure Regulation (EMIR) Following the financial crisis, the G20 countries committed to address risks related to the derivatives markets. In order to make that commitment effective, the European Parliament and Council have adopted European Market Infrastructure Regulation (EMIR), a regulation that requires over-the-counter (OTC) derivative contracts to be cleared and derivatives contracts to be reported. EMIR sets the framework to enhance the safety of central counterparties (CCPs) and trade repositories (TRs). EMIR and the regulation on OTC derivatives, CCPs and TRs, came into force on 16 August 2012. 15 The main obligations under EMIR are: central clearing for certain classes of OTC derivatives application of risk mitigation techniques for non-centrally cleared OTC derivatives reporting to TRs application of organisational, conduct of business and prudential requirements for CCPs, and application of requirements for TRs, including the duty to make certain data available to the public and relevant authorities. Payment Services Directive 2 (PSD2) The Payment Services Directive 2 (PSD2) was introduced into national law of the EU member states on 13 January 2018. In this context, payment services are defined as follows: 'Services enabling cash to be deposited in or withdrawn from, for example, a bank account, as well as all the operations required to operate the account. This can include transfers of funds, direct debits, credit transfers and card payments. Paper transactions are not covered by the directive.' The aim of the directive is to: provide the legal foundation for the further development of a better integrated internal market for electronic payments within the EU put in place comprehensive rules for payment services, with the goal of making international payments within the EU as easy, efficient, and secure as payments within a country open up payment markets to new entrants leading to enhanced competition, greater choice, and better prices for consumers, and provide the necessary legal platform for the single euro payments area (SEPA). PSD2 improves the existing EU rules for electronic payments incorporating emerging and innovative payment services such as internet and mobile payments. To this end, it sets out rules concerning security requirements, transparency of conditions, and the rights and obligations of users and providers of payment services. PSD2 is complemented by regulation (EU) 2015/751 which caps fees charged between banks for card-based transactions. This is aimed at reducing the cost for merchants in accepting consumer debit and credit cards. The PSD2 rules apply to existing and new providers of innovative payment services and seek to ensure that these players can compete on equal terms. This, in turn, will result in greater efficiency, choice and transparency of payment services, while strengthening consumers' trust in a harmonised payments market. PSD2 opens up the EU payment market to companies offering the following consumer- or business- oriented payments services: 1. Account information services – allow a payment service user to have an overview of their financial status at any time. 2. Payment initiation services – allow consumers to pay by means of simple credit transfer for online purchases whilst assuring the payment is initiated and goods and services can be provided without delay. 16 The International Regulatory Environment Organisations offering account information services need to have professional indemnity insurance as 1 a condition of authorisation. PSD2 enhances consumer rights including reduced liability for non-authorised payment to €50 (from €150), the unconditional right to refund direct debits in euros and the removal of surcharges for the use of a consumer debit or credit card. The European Banking Authority (EBA) will develop a central register of authorised payment institutions which will be publicly accessible and maintained by national authorities. In addition, the role of the EBA is to assist in dispute resolution between national authorities, to develop regulatory technical standards on strong customer authorisation and secure communication channels, and to develop cooperation and information exchange between supervisory authorities. Sarbanes-Oxley (SOX) Act 2002 The US government introduced the Sarbanes-Oxley (SOX) Act in 2002 following a series of financial scandals that began in 2001 with the collapse of major US corporations such as Enron and WorldCom. SOX includes proposals to improve the financial reporting process and restore investor confidence in the US financial markets, and was passed by Congress in July 2002. At the time, President Bush characterised it as ‘the most far-reaching reforms of American business practices since the time of Franklin Roosevelt’. The objective of SOX is ‘to protect investors by improving the accuracy and reliability of corporate disclosures’. It applies to US public companies and their global subsidiaries. In addition, it applies to foreign companies with shares listed on US stock exchanges. What are the Implications of the Legislation? One of the key sections is Section 404, which lays out the requirement for the management of a US public company to report annually on the operational effectiveness of the company’s internal controls over financial reporting. The company’s auditors must attest to and report on the management’s assertion over the effectiveness of internal financial controls. This section significantly impacts the governance and behaviour of any business with a US listing, including non-US companies, and their global subsidiaries and joint ventures. Requirements for Auditors SOX introduced the Public Company Accounting Oversight Board (PCAOB), whose members are appointed by the SEC to oversee auditors and to establish and enforce auditing standards. Key changes can be summarised as follows: The PCAOB is required to inspect large accounting firms annually (ie, those that regularly audit more than 100 companies), and to inspect smaller firms every three years. The Act authorises the PCAOB to subpoena documents, compel testimony, suspend the right of accounting firms to audit public companies and impose substantial fines. 17 In order to address conflicts of interest in firms that both perform audits and provide consulting, auditors are prevented from providing certain non-audit services, and are only permitted to provide other services, such as tax advice, if this is disclosed and approved by the audit committee of the company receiving the advice. Auditors have to be appointed by the audit committee of a company’s board of directors rather than by company management and members of the audit committee must be independent of management. The lead accounting firm partner on an audit has to be replaced every five years. An accounting firm may not audit a company where senior executives previously worked for the firm and participated in the audit within the previous year. Breaches of the rules are subject to criminal fines and up to ten years in prison. Reporting Requirements SOX requires firms to meet the following internal control standards to ensure the accurate reporting of their financial position: The chief executive officer (CEO) and chief finance officer (CFO) are responsible for ensuring that internal controls and procedures can provide accurate financial disclosures. The controls must ensure that the CEO and CFO are aware of material information. Compliance work must be performed on a continual basis to document and attest to the effectiveness of their internal controls. Companies, and their auditors, must also report on the effectiveness of these internal controls. The requirements for the annual internal controls report include the following: It should be produced as part of the annual financial accounts. It must acknowledge management’s responsibility for establishing and maintaining adequate controls and procedures for financial reporting. It must contain an assessment of the effectiveness of the firm’s controls and procedures for the purposes of financial reporting. Requirements of US Listings To achieve and maintain US exchange listings, SOX requires a significant change in both management’s reporting responsibilities, and the responsibilities of the independent auditor. In addition to those provisions described above, the Act also covers a number of other corporate governance issues, such as: measures to prevent conflicts of interest between securities analysts and investment banks the requirement for the CEO and CFO to certify the accuracy of the firm’s annual and quarterly SEC reports; they are then personally responsible for the information all off-balance sheet transactions and material relationships must be disclosed the company must state whether it has adopted a code of ethics for its senior financial officers personal loans to officers or directors are forbidden, and greater protection is given for whistleblowers, and retaliation can be punishable with up to ten years’ imprisonment. 18 The International Regulatory Environment The Act also defined the following related crimes: 1 Defrauding securities investors – up to 25 years in prison. CEOs knowingly signing a false financial statement – fines of up to $5 million and 20 years in prison for wilful violations. Obstruction of justice by destroying documents – fines and prison terms of up to 20 years. Compliance with Section 404 requires that businesses now have to document and attest to the operational effectiveness of a wide range of processes that have an impact upon the accuracy of their annual financial performance and reporting. These include traditional financial processes such as accounts payable and receivables, but also cover those that have an indirect financial impact; for banking and financial institutions these include the processes around the movement of money and customer funds, such as direct debit, cheque clearing and the procedures for opening or closing accounts. To comply with the Act, many businesses documented and tested a larger number of controls. As part of the SOX requirements, this compliance work must be performed on a continual basis, and firms must document and attest to the effectiveness of their internal controls on an annual basis. Section 302 of SOX sets out that the CEO and CFO are required to certify that the financial statements and other information that is included in each quarterly report are a true and accurate representation in all material respects. Central Securities Depository Regulations (CSDR) 2022 The Central Securities Depository Regulations (CSDR) is an EU regulation that came into force in 2014, introducing uniform requirements for the settlement of financial instruments in the EU as well as rules related to the organisation and conduct of central securities depositories (CSDs) to promote safe, efficient, and smooth settlement. It applies to all firms that trade securities in the EU regardless of their location. A CSD is an institution that holds financial instruments including equities, bonds, money market instruments and mutual funds. A settlement fail is defined as the non-occurrence of settlement or partial settlement of a securities transaction on the intended settlement date, due to a lack of securities or cash and regardless of the underlying cause. Under CSDR, all transactions should be settled on the intended settlement date (at the latest, two business days after the trade date). In addition, it introduces measures to prevent settlement fails, encouraging firms to offer professional clients the mechanism to electronically send confirmations and allocation details using international open communication procedures and standards for messaging and reference data. Straight-through processing (STP) is deemed essential for maintaining timely settlement for high volumes of transactions. Where possible, settlement fails need to be resolved during the period between the trade date and the intended settlement date. However, it is recognised that this is not always possible and therefore, the settlement period may be extended and the following steps are introduced: Extension period – time between the intended settlement date and buy-in date. Typically four business days, but this may be increased to seven business days based on asset type and liquidity considerations. 19 Buy-in period –after the end of the extension period, transactions that continue to fail due to a lack of securities will be subject to a mandatory buy-in process. If buy-in is not possible, for example, due to reduced liquidity, the seller must pay a compensation to the buyer in cash. As of 1 February 2022, phase 3 of the CSDR, the Settlement Discipline Regime (SDR), has come into force, which introduces new cash penalties for settlement fails. Under SDR, penalties are imposed on the market participant responsible for the settlement fail. Market participants may pass on the penalties to their clients if the settlement fail is not the fault of the market participant themselves. The SDR is intended to be an effective deterrent of settlement fails, whilst at the same time incentivising timely settlement. In the event the settlement fail is caused by a failure to deliver the financial instrument, the penalty rate is based on the type of instrument and is related to the value of the instrument to be delivered. In the event the settlement fail is caused by a lack of cash, the penalty rate is based on the basis of the cost of borrowing. The cash penalties apply to all transactions in transferable securities, money-market instruments, units in collective investment undertakings and emissions allowances admitted to trading on an EEA trading venue (including OTC transactions) or cleared through an EEA central counterparty, regardless of the location of the market participant. Penalty rates applicable to settlement fails are as follows: Cause Penalty Rates in Basis Points 1. Lack of shares with a liquid market. 1.0 2. Lack of shares with an illiquid market. 0.5 3. Lack of financial instruments traded on SME growth markets 0.25 excluding debt instruments. 4. Lack of debt instruments issued or guaranteed by sovereigns, 0.1 local governments, central banks, multilateral development banks, or the European Financial Stability Mechanism. 5. Lack of debt instruments that are not covered under items 4 or 0.2 6. 6. Lack of debt instruments traded in SME growth markets. 0.15 7. Lack of all other financial instruments. 0.5 8. Lack of cash. Official interest rate for overnight credit charged by the central bank issuing the settlement currency with a floor of zero Penalties are calculated by the CSD on a daily basis for each day between the intended and the actual settlement date and are charged to each failing market participant at least monthly. Collected penalties are redistributed by the CSD to market participants impacted by the relevant settlement fail. 20 The International Regulatory Environment Settlement fails must be reported to the regulatory authority of the CSD. 1 1.5.4 Financial Crime There is no internationally accepted definition of ‘financial crime’. It is generally understood to include the laundering of the proceeds of any crime, terrorist financing, the financing of the proliferation of weapons of mass destruction (WMDs), breaches of financial and trade sanctions, market abuse, and tax evasion. FSMA broadly defines the term to include ‘any offence involving fraud or dishonesty; misconduct in or misuse of information relating to, a financial market; or handling the proceeds of crime’, and defines the term ‘offence’ as behaviour that ‘includes an act or omission which would be an offence if it had taken place in the UK’. Thus, expanding the remit of the legislation to include conduct occurring outside the UK. In the context of global financial compliance, the UK Bribery Act and the Foreign Corrupt Practices Act are of particular importance. UK Bribery Act 2010 The Organisation for Economic Co-operation and Development (OECD) Convention on Combating Bribery of Foreign Public Officials in International Business Transactions was signed in 1997 and reaffirmed in 2009. It establishes legally binding standards to criminalise the bribery of foreign public officials in international business transactions and provides for a host of related measures to make it effective. It is the first and only international anti-corruption instrument focused on the supply side of the bribery transaction. The 35 OECD member countries and four non-member countries – Argentina, Brazil, Bulgaria, and South Africa – have adopted the Convention. The UK Bribery Act 2010 is an example of legislation designed to implement the OECD Convention. The Act created new offences of: offering or receiving a bribe (Section 1) bribery of foreign public officials (Section 6), and a failure to prevent a bribe being paid on an organisation’s behalf (Section 7). It also provides a defence to the last offence where an organisation can show that it has ‘adequate procedures’ in place. Section 12 of the Act provides that the courts will have jurisdiction over offences committed in the UK, as well as offences committed outside the UK where the person committing them has a close connection with the UK by virtue of being a British national or ordinarily resident in the UK, a body incorporated in the UK, or a Scottish partnership. In addition, in relation to Section 7 – failure to prevent a bribe – the jurisdiction of the UK courts is extended to foreign commercial organisations. Only a ‘relevant commercial organisation’ can commit an offence under Section 7 of the Bribery Act. A relevant commercial organisation is defined in Section 7(5) as: ‘a body or partnership incorporated or formed in the UK irrespective of where it carries on a business, or an incorporated body or partnership which carries on a business or part of a business in the UK irrespective of the place of incorporation or formation’. 21 It is up to the courts to determine whether an organisation carries on a business in the UK, taking into account the particular facts in individual cases. While the Act represents a stronger approach to eradicate bribery across all firms and industries, the financial sector has previously been subject to action. In 2009, the UK financial services regulator imposed a fine of £5.25 million on insurance company Aon for: ‘failing to take reasonable care to establish and maintain effective systems and controls for countering the risks of bribery and corruption associated with making payments to ‘Overseas Third Parties’ who assisted Aon in winning business from overseas clients, particularly in high risk jurisdictions’. Case Study Due to its extraterritorial reach, the UK Bribery Act can have significant impact on foreign companies. A foreign company which carries on any ‘part of a business’ in the UK could be prosecuted under the Bribery Act for failing to prevent bribery committed by any of its employees, agents or other representatives, even if the bribery takes place outside the UK and involves non-UK persons. For example, a German construction company with a UK subsidiary appoints an intermediary to facilitate business in Africa, and the intermediary pays a bribe to a local official. In some circumstances, the German parent could be liable under the UK Bribery Act for failing to prevent bribery. The Act is engaged simply by virtue of the existence of a UK operation. Using the same example, the UK subsidiary is itself at risk of prosecution if a person or company associated with it is involved in bribery, as are any German nationals working for the UK subsidiary and, therefore, ‘ordinarily resident’ in the UK, if they are found to have paid or received a bribe. ‘Part of a business’ is not defined in the Act, but even a UK representative office or agent may be sufficient for the purposes of the corporate offence. Foreign Corrupt Practices Act (1977) The US Foreign Corrupt Practices Act (FCPA) has had significant impact on the way American firms do business, both in the US and overseas. The FCPA was originally enacted by the US Congress in 1977 and has been revised since. The provisions of the FCPA make it unlawful for a US person, and certain foreign issuers of securities, to make a corrupt payment to a foreign official for the purpose of obtaining or retaining business for or with, or directing business to, any person. The provisions also apply to foreign firms and persons who take any act in the furtherance of such a corrupt payment while in the US. In 1977, the International Chamber of Commerce (ICC) published Rules of Conduct to Combat Extortion and Bribery. These rules set out basic measures by which companies can reduce the likelihood of corrupt practices. The OECD Convention on Combating Bribery of Foreign Public Officials in International Business Transactions was signed by the US and 33 other OECD member countries in 1997 and reaffirmed in 2009. Since 1997, over 400 US companies have admitted to the US SEC that they had made questionable or illegal payments in excess of $300 million to foreign government officials, politicians and political parties. Several US firms have since been convicted in the criminal courts of having paid bribes to foreign officials and have suffered large fines as well as being banned from participating in US federal procurement programmes. In addition, employees and officers have gone to jail. 22 The International Regulatory Environment Firms need to have controls in place to ensure that they know who their customers are (in particular 1 if customers are considered to be politically exposed persons (PEPs)), including the details of the management and ownership of the entities with whom they do business. Firms need to be comfortable that their business is not associated with criminals. The SOX legislation also imposes requirements on firms to disclose instances of fraud as well as reporting annually on their systems of internal control, so compliance with the FCPA helps ensure SOX compliance too. In order to avoid criminal prosecutions and fines, many firms have implemented detailed compliance programmes to prevent and detect any improper payments by employees or agents, particularly those operating ‘in the field’ in tough emerging markets, where competition and general business practice often mean that rules set at head office are difficult to implement in practice and managers may attempt to circumvent regulations to achieve a sale. Particular controls include: due diligence checks on third parties to establish their bona fides at the outset of the relationship but, very importantly, as the relationship continues committees with senior executive representation to oversee the risks of bribery and corruption, to receive periodic management information detailed training for staff, and general monitoring of processes and controls by independent risk, compliance or audit functions. Any company not implementing comprehensive compliance processes and controls and, in particular, not actively examining the history of its business partners to determine past involvement in fraud or corruption, will have significant difficulties in being able to meet anti-bribery and corruption legislation and regulation. A poor approach to compliance may result in criminal investigations, regulatory fines, restriction of trade and even jail sentences. Clearly, the reputational risk is significant and it is worth ensuring compliance with anti-bribery legislation. The Foreign Account Tax Compliance Act (FATCA) 2010 Foreign Account Tax Compliance Act (FATCA), enacted by the US in 2010 as part of the Hiring Incentives to Restore Employment (HIRE) Act, is an important development in US efforts to combat tax evasion by US persons holding investments in offshore accounts. Under FATCA, US taxpayers holding financial assets outside the US are required to report those assets to the Internal Revenue Service (IRS). In addition, FATCA requires foreign financial institutions (FFIs) to report directly to the IRS certain information about financial accounts held by US taxpayers, or by foreign entities in which US taxpayers hold a substantial ownership interest. Reporting by FFIs Firms outside the US are not directly subject to US legislation, and so a series of intergovernmental agreements have been entered into so that the US authorities will receive the information they require to improve tax compliance. UK FFIs will report directly to Her Majesty’s Revenue & Customs (HMRC) certain information about the financial accounts held by US taxpayers, or by foreign entities in which US taxpayers hold a substantial ownership interest. An FFI in a country not party to an intergovernmental agreement is expected to register with the IRS. 23 UK and US Intergovernmental Agreement The UK and the US have entered into an intergovernmental agreement to improve tax compliance. The agreement also covers the implementation of FATCA on the basis of domestic reporting and reciprocal exchange of information. As a result of the agreement, UK firms are legally bound to report information requested by the US authorities to the UK government. Anti-Money Laundering Directive (AMLD) The EU Anti-Money Laundering Directive (AMLD) is an EU legal act and risk-based approach that requires EU-wide risk assessments in combination with national and institutional risk assessments. It covers customer due diligence (CDD) and other requirements on financial institutions and designated non-financial businesses and professions (DNFBPs), in accordance with the Financial Action Task Force (FATF) Recommendations. DNFBPs are non-financial sectors identified to be vulnerable to money laundering abuse, such as lawyers, accountants, real estate agents and some types of businesses that deal in high-value goods. The directive extends the definition of PEPs to also include those in the home country of the institution. Over time, amendments have been made to the directive to ensure it remains current. The main amendments, in the most recent version (5AMLD), are related to beneficial ownership, removing anonymity on unpaid credit cards, risks of virtual currencies, exchange of information between financial intelligence units (FIUs), additional checks on transactions with high- risk third countries and centralised account registers or retrieval systems. 5AMLD was adopted into European law in April 2018, to be implemented by member countries by October 2020. Further changes to 5AMLD have come into force in June 2021. The main changes are: the standardisation of predicate offences and the inclusion of two new predicate offences: cybercrime and environmental crime the expansion of crimes that are categorised as money laundering to include aiding and abetting increased prison time and financial penalties enhanced cooperation between member states, and the extension of criminal liability to businesses. The AMLD is incorporated in law within individual member states. 1.5.5 Common Reporting Standard (CRS) for the Exchange of Financial Information On 6 May 2014, 47 countries tentatively agreed on common reporting standards (CRSs) to share information on residents’ assets and incomes automatically in conformation with the standard. Until now, the parties to most treaties that are in place for sharing information have shared information upon request, which has not proved effective in preventing tax evasion. The new system is supposed to automatically and systematically transfer all the relevant information. On 29 October 2014, 51 jurisdictions signed an agreement to automatically exchange information based on Article 6 of the Convention on Mutual Administrative Assistance in Tax Matters. 24 The International Regulatory Environment The OECD CRS is a major step towards an internationally coordinated approach to the disclosure of 1 income earned by individuals and organisations. As a measure to counter tax evasion, it builds upon other information-sharing legislation, such as FATCA and the EU Savings Directive. However, crucially, FATCA is much narrower in scope than the OECD standard for automatic exchange of information (AEoI). The CRS, formally referred to as the standard for the automatic exchange of financial account information is, in practical terms, a framework of an information standard for the AEoI, developed in the context of the OECD. The aim of this framework is for jurisdictions to obtain information from their financial institutions (FIs) and automatically exchange that information with other jurisdictions on an annual basis. It sets out the financial account information to be exchanged. The FIs are required to report the different types of accounts and taxpayers covered, as well as the CDD procedures to be followed. These initiatives involve governments obtaining information from their FIs and exchanging data automatically with other nations. FIs (and other investment entities) will have significant additional reporting responsibilities, in order to disclose details of their account holders, with potential penalties for those unable or unwilling to comply fully. The legal basis for the exchange of data is the Convention on Mutual Administrative Assistance in Tax Matters and the idea is based on the FATCA implementation agreements. The AEoI consists of two regulations or agreements: OECD Competent Authority Agreement (CAA) is the bilateral agreement between jurisdictions that have signed up to the AEoI. The agreement is what allows the competent authorities (in most cases, this is the jurisdiction’s tax authority) to exchange information. OECD Common Reporting Standard (CRS) sets out the baseline regulation to be adopted in the jurisdictions that have signed up to AEoI. It sets out who will be reporting, what will be reported and to some degree the format of the reporting. This could be seen as the minimal requirements for the regulations. Financial information to be reported includes interest, dividends, account balance, income from certain insurance products and sales proceeds from financial assets. In gathering data, residency or tax residency within a country is the decisive factor, not citizenship. The CRS relies heavily on local anti-money laundering (AML) and know your customer (KYC) requirements, and on self-certification by account holders, although it includes some documentation remediation. The intention is to eventually have a single global standard. 25 1.6 Exchanges, Multilateral Trading Facilities (MTFs) and Systematic Internalisers (SIs) Learning Objectives 1.1.7 Understand how regulation operates in an exchange-traded environment 1.1.8 Understand the key benefits of regulated market structures: exchanges; trading venues (multilateral trading facilities and organised trading facilities); systematic internalisers 1.6.1 Exchanges A large proportion of trades in financial instruments are carried out through established investment exchanges, such as the London Stock Exchange (LSE), the New York Stock Exchange (NYSE) and the Tokyo Stock Exchange (TSE). Example An example of an exchange-traded environment is the stock exchange in Singapore operated by Singapore Exchange ltd (SGX). The exchange is Asia-Pacific’s first demutualised and integrated securities and derivatives exchange, with members including organisations that trade derivatives and securities. The SGX operates the securities and derivatives exchange and the respective clearing houses and securities depository. The SGX performs all steps in the value chain of business – order routing, trading, matching, clearing, settlement and depository functions. The SGX is responsible for: regulating the stock market approving applications for listing provision and administration of business and listing rules supervising admission of members and compliance by listed companies with the listing rules and corporate disclosure policies market surveillance and risk management for the clearing of securities and derivatives, and overseeing the capital requirements of brokers and investigating brokers as and when it deems necessary. These responsibilities are typical to investment exchanges. Exchanges and their operators are normally subject to regulation and supervision by monetary authorities or other regulatory authorities. In Singapore, the Monetary Authority of Singapore (MAS) is the body charged with these responsibilities, while in the UK it is the FCA. In the UK, any body corporate or an unincorporated association may apply to the FCA for an order declaring it to be a recognised investment exchange (RIE). The FCA will look to establish: whether the applicant is ‘fit and proper’ to operate as an exchange whether it has sufficient financial resources to properly carry out its activities 26 The International Regulatory Environment that the applicant is willing and able to share information with the FCA, and to promote and maintain 1 high standards of integrity and fair dealing, including laying down rules for activities on the exchange, and that the applicant will record, monitor and enforce compliance with the rules of the exchange. Exchange operators are expected to take disciplinary action against members, directors, employers and trading representatives, or against any person registered by the exchange. Disciplinary Actions under an Exchange Environment Disciplinary action and enforcement penalties are usually determined by a disciplinary committee. The following actions may be available – either individually or in combination: a reprimand a fine (usually within limits laid down/agreed by the exchange) suspension of the member, or expulsion of the member or trading representative. Where the matter involves a violation of the law, the matter may be referred to the relevant authorities for further action. An appeal process is normally provided so that members of the exchange may appeal to an appeals committee against the decision of the disciplinary committee. 1.6.2 Multilateral Trading Facilities (MTFs)/Systematic Internalisers (SIs) Multilateral trading facilities (MTFs) are described by the FCA as being any system that brings together multiple parties (eg, retail investors or other investment firms) that are interested in buying and selling financial instruments and enables them to do so. These systems can be operated by an investment firm or a market operator – these allow parties to trade among themselves away from the exchanges. Instruments may include shares, bonds and derivatives. This is done within the MTF operator’s system. The introduction of MTFs, under MiFID, allowed greater competition to the formalised investment exchanges to be introduced but subject to direct prudential and supervisory oversight by national regulators. Accordingly, MiFID replaced rules in many markets that required trades to be executed at local exchanges. Instead, for example, banks are allowed to act as systematic internalisers (SIs), matching customer orders internally rather than showing these to the market. SIs, traditionally called market makers, are investment firms who could match ‘buy’ and ‘sell’ orders from clients in-house, providing that they conform to certain criteria. Instead of sending orders to a central exchange such as the LSE, investment banks can match them with other orders on their own book. Examples of such firms are Credit Suisse and UBS. It should be noted that an SI may only act as an SI for as little as one asset class under MiFID II. Furthermore, ESMA does not have any immediate plans to issue a register of SIs. SIs are able to compete directly with stock exchanges and automated dealing systems, but they have to make such dealings transparent. They must show a price before a trade is made. After a trade is made, they have to give information about the transaction, just like conventional trading exchanges. 27 1.6.3 Key Benefits of Regulated Market Structures The following table highlights the key features and benefits of the various types of trading venue: Type of Trading Venue Features Benefits A more formal market with the Demonstrates quality of Recognised highest standards of entry. business-raising capital. investment exchange (a Companies raising capital must Encourages investor confidence. regulated market) subscribe to sets of listing and disclosure standards. Maintains pool of capital. Described as a form of ‘exchange lite’. Does not have a listing process and cannot change the Introduction enabled greater regulatory status of a security. competition between trading Must be pre-trade transparent, venues. the price of existing orders must Multilateral trading Higher trading speeds which be available on market data facility (regulatory are attractive to high-frequency feeds. permission traders. required) Must be post-trade transparent, any trades must be published in Lower cost base. real time. Trading incentives for members relating to trade volumes. Prices/charges are public and applied consistently across all members. A firm that executes orders from its clients against its own book or Similar to MTFs in having lower Systematic against orders from other clients. trading costs. internaliser Also treated as a ‘mini-exchange’, Speed of trade. hence subject to pre- and post- trade price transparency. 1.6.4 Organised Trading Facilities (OTFs) An organised trading facility (OTF) is a new category of trading venue introduced by MiFID II. It is a multilateral trading system that is not a regulated market or an MTF. Bonds, structured finance products, emission allowances and derivatives can be traded on an OTF, but equities cannot. As a result of the introduction of OTFs, transactions previously categorised as off-venue, now fall under a multilateral trading environment which increases overall market transparency, reduces the prevalence of opaque market models and products, and increases the quality of price discovery, investor protection, and liquidity. 28 The International Regulatory Environment OTFs assist market participants in meeting MiFID II platform-trading obligations for derivatives and 1 provide an additional trading venue for derivatives, CPPs, and TRs that are sufficiently liquid for the trading obligations to apply. Instruments not subject to the trading obligation can be traded on OTFs through market making schemes. Due to the fact that both are multilateral trading environments, the rules for OTFs and MTFs are the same. The key difference is the ability and requirements of an OTF to use discretion when matching buying and selling interests. The use of discretion must be in line with fair and orderly trading and best execution obligations to clients. OTFs must establish clear trading rules and processes, including clear and non-discriminatory access rules. OTFs need to have the ability to suspend instruments from trading and maintain resilient systems to facilitate continuity of trading under stressed conditions. OTFs are subject to the same pre- and post-trade transparency requirements as an MTF which apply to any order or transaction executed through their systems or under their rules. OTFs will have to publish the details of current bids and offers and the depth of trading interests of those prices. In addition, details of transactions have to be made public as close to real time as is technically possible. OTFs can operate under any trading protocol as it is consistent with fair and orderly trading and the exercise of discretion. Effective arrangements and procedures need to be established and maintained to enable the regular monitoring of compliance by their members. OTFs need to identify, and act upon, breaches of rules, disorderly trading conditions or conduct that may involve market abuse in relation to any transactions undertaken by their members on the OTF’s systems. OTF operators must use discretion when deciding when to place or remove an order on their OTF, and whether or not to match a specific client order with orders available in the system, subject to best execution obligations. Investment firms or market operators running an OTF need to ensure client orders are not executed against the proprietary capital of: the firm, or any entity that is part of the firm’s legal group. The use of proprietary capital is only permitted for illiquid sovereign debt instruments. An OTF may only engage in matched principal trading if this has been agreed by clients. Matched principal trading is not permitted for derivatives subject to the EMIR-clearing obligation. The same legal entity cannot operate both an OTF and an SI. OTFs are prohibited from interacting with an SI if this allows any quotes or orders in the SI to interact. This prohibition also applies to quotes and orders in another OTF where two OTFs are interacting. 29 1.7 Off-Market Transactions Learning Objective 1.1.9 Understand how regulation applies to OTC derivatives transactions OTC derivatives are transactions conducted off-market. Trading in OTC derivatives is opaque due to the fact that they are privately negotiated contracts and consequently any information concerning any one of them is usually only available to the contracting parties. The financial crisis brought the OTC derivatives market to the forefront of regulatory attention. The near collapse of Bear Sterns in March 2008, the default of Lehman Brothers in September 2008 and the bailout of American International Group, inc (AIG) in November 2008 highlighted the shortcomings in the functioning of this market. The main observations are summarised below. Transparency The financial crisis highlighted a lack of information on positions and exposures of individual firms in OTC derivatives. On the one hand, this lack of information prevents regulators from a timely detection of risks building up at individual institutions and in the system as a whole. It also prevents them from accurately assessing the consequences of a default of a market participant and, therefore, from responding in an appropriate manner should such a default occur (Lehman’s case was a clear demonstration of this). On the other hand, it helps fuel suspicion and uncertainty among market participants during a crisis. Counterparty Risk OTC derivative contracts bind counterparties together for the duration of the transaction. Throughout the lifetime of a contract, counterparties build up claims against each other, as the rights and obligations contained in the contract evolve with the underlying that the contract is derived from. This gives rise to counterparty credit risk, ie, the risk that a counterparty may not honour its obligations under the contract when they become due. Clearing is the function by which these risks are managed over time. It can be carried out centrally, through a CCP, or bilaterally. Although both types of clearing are used in the OTC derivatives market, bilateral clearing is the most used form of the two. The crisis highlighted that the level of counterparty credit risk related to OTC derivatives was much higher than both market participants and re

Global Financial Compliance Ed10 (1)-1-64.pdf

Document Details

Tags

Related

Full Transcript

Upgrade to continue