Global Financial Compliance Study Material PDF

2022

Chartered Institute for Securities & Investment

Dr Natalie Schoon ACSI

Summary

This document is study material for the Chartered Institute for Securities & Investment's Global Financial Compliance examination. It covers topics such as the international regulatory environment, compliance function, managing financial crime risks, and ethics. The study material also includes multiple choice questions for practice.

Full Transcript

Welcome to the Chartered Institute for Securities & Investment’s Global Financial Compliance study material.

This workbook has been written to prepare you for the Chartered Institute for Securities & Investment’s Global Financial Compliance examination.

Published by: Chartered Institute for Securities & Investment
© Chartered Institute for Securities & Investment 2022
20 Fenchurch Street
London EC3M 3BY
Tel: +44 20 7645 0600
Fax: +44 20 7645 0601
Email: [email protected]
www.cisi.org/qualifications

Author: Dr Natalie Schoon ACSI

Reviewers:
Alwyn Li, FCCA, CIA, CCSA, CAMS, IOC+
Karl Micallef

This is an educational workbook only, and the Chartered Institute for Securities & Investment accepts no responsibility for persons undertaking trading or investments in whatever form.

While every effort has been made to ensure its accuracy, no responsibility for loss occasioned to any person acting or refraining from action as a result of any material in this publication can be accepted by the publisher or authors.

All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise without the prior permission of the copyright owner.

Warning: any unauthorised act in relation to all or any part of the material in this publication may result in both a civil claim for damages and criminal prosecution.

A learning map, which contains the full syllabus, appears at the end of this workbook. The syllabus can also be viewed on cisi.org and is also available by contacting the Customer Support Centre on +44 20 7645 0777. Please note that the examination is based upon the syllabus. Candidates are reminded to check the Candidate Update area details (cisi.org/candidateupdate) on a regular basis for updates as a result of industry change(s) that could affect their examination.
The questions contained in this workbook are designed as an aid to revision of different areas of the syllabus and to help you consolidate your learning chapter by chapter.

Workbook version: 10.1 (July 2022)

Learning and Professional Development with the CISI

The Chartered Institute for Securities & Investment is the leading professional body for those who work in, or aspire to work in, the investment sector, and we are passionately committed to enhancing knowledge, skills and integrity – the three pillars of professionalism at the heart of our Chartered body.

CISI examinations are used extensively by firms to meet the requirements of government regulators. Besides the regulators in the UK, where the CISI head office is based, CISI examinations are recognised by a wide range of governments and their regulators, from Singapore to Dubai and the US. Around 50,000 examinations are taken each year, and it is compulsory for candidates to use CISI workbooks to prepare for CISI examinations so that they have the best chance of success.

Our workbooks are normally revised every year by experts who themselves work in the industry and also by our Accredited Training Partners, who offer training and elearning to help prepare candidates for the examinations. Information for candidates is also posted on a special area of our website: cisi.org/candidateupdate.

This workbook not only provides a thorough preparation for the examination it refers to, it is also a valuable desktop reference for practitioners, and studying from it counts towards your Continuing Professional Development (CPD). Mock examination papers, for most of our titles, will be made available on our website, as an additional revision tool.

CISI examination candidates are automatically registered, without additional charge, as student members for one year (should they not be members of the CISI already), and this enables you to use a vast range of online resources, including CISI TV, free of any additional charge.
The CISI has more than 40,000 members, and nearly half of them have already completed relevant qualifications and transferred to a core membership grade. You will find more information about the next steps for this at the end of this workbook.

Contents

Chapter One: The International Regulatory Environment
Chapter Two: The Compliance Function
Chapter Three: Managing the Risk of Financial Crime
Chapter Four: Ethics, Integrity and Fairness
Chapter Five: Governance, Risk Management and Compliance
Appendices
Glossary
Multiple Choice Questions
Syllabus Learning Map

It is estimated that this manual will require approximately 100 hours of study time.

1. Models of Regulation
2. The International Approach to Regulation
End of Chapter Questions

This syllabus area will provide approximately 20 of the 100 examination questions

1. Models of Regulation

1.1 Objectives and Benefits of Regulation

Learning Objective
1.1.1 Understand the objectives and benefits of regulation

Effective capital and financial markets are an essential part of the economy. They fuel economic development and aid wealth creation. Confidence and trust in these markets are vital. Loss of confidence and trust can result in the failure of financial companies and have an adverse impact on the economy. This can, among others, result in recession, loss of jobs and income, reduction of the value of investments, reduction in market capitalisation of companies, and defaults on loans.

The near collapse of large financial institutions during the 2007–08 financial crisis had a global impact and the subsequent bailout of the banks, reduction in government spending and increase in taxes has had a far-reaching impact on individuals and corporations.
As the Basel Committee for Banking Supervision (BCBS) notes in their corporate governance principles, banks and, by extension, financial markets play a crucial role in the economy by intermediating funds from savers and depositors to activities that support enterprise and help drive economic growth. Their safety and soundness are critical to financial stability, and therefore, corporate governance.

Thus, rules and codes of conduct are of the utmost importance to protect investors and the general public. Although the development of such rules and the extent to which they are enforced still varies from country to country, the development of global financial markets depends on an agreement on standards of behaviour and mechanisms for dispute resolution. These standards, rules and codes of conduct can be established through self-regulation of the industry, or by means of a statutory approach where governments provide enabling legislation and establish statutory-based regulatory authorities.

Integrity and ethical behaviour are a key part of any code of conduct. As a result of the financial crisis, integrity and ethical behaviour have experienced renewed focus from professional bodies, governments and regulators.

As financial markets have become increasingly global in nature and interdependence has grown, the financial sector has moved from self-regulation to a statutory approach. This has facilitated international cooperation and the development of improved and common standards.

Regulation has also been used to restrict the ability of criminals and terrorists to use the financial system to their advantage, and to aid enforcement and intelligence agencies to identify criminal activity. Again, this has developed from purely domestic initiatives to major international efforts to reduce crime related to financial services. These crimes include money laundering (ML), fraud and tax evasion.
The objectives and benefits of regulation can be summarised as:

• increase in confidence and trust in financial markets, systems and products
• establish an environment to encourage economic development and wealth creation
• reduce the risk of market and system failures, including their economic consequences
• enhance consumer protection, giving them the reassurance they need to save and invest, and
• reduce financial crime by ensuring financial systems cannot easily be exploited.

1.2 Law and Regulation

Learning Objective
1.1.2 Know the interaction between law and regulation

The objectives and benefits of regulation are typically achieved through a combination of laws and regulations.

Law – the principles and regulations established in a community by an authority and applicable to the people. Laws can be a combination of legislation, custom, and policies recognised and enforced by judicial decision. When a person is found guilty of breaking the law, they are typically punished with a reprimand, a prison sentence and/or a penalty.

Financial services legislation provides the structural framework for the sector itself, as well as the products it offers. In the UK, for example, key legislation includes the Financial Services and Markets Act 2000 (FSMA), which sets out the UK’s regulatory structure, and multiple Finance Acts which contain provisions related to taxes, duties, exemptions and reliefs. National and international laws regarding the prevention of money laundering and terrorist financing (ML/TF), tax and other financial services-related crimes will be incorporated into the appropriate regulations relevant to the structuring of banking or other financial products or customer advice.

Regulation – combination of rules and standards generally covering matters such as observing proper standards of market conduct, managing conflicts of interest, treating customers fairly, ensuring the suitability of customer advice, and ensuring stability of the financial system.
Compliance laws, rules and standards have various sources, including:

• primary legislation
• rules and standards issued by legislators and supervisors
• market conventions
• codes of practice promoted by industry associations or professional bodies, and
• internal codes of conduct applicable to the staff members of financial institutions.

Industry and internal codes are likely to go beyond what is legally binding and embrace broader standards of integrity and ethical conduct.

1.3 Rules-Based and Principles-Based Approaches

Learning Objective
1.1.3 Understand the main differences between rules-based and principles-based approaches to financial regulation

When drafting regulation, regulators make a choice between rules-based and principles-based regulation.

Rules-based – rules-based regulations are mainly prescriptive procedures including very detailed rules. These rules specify exactly what individuals and firms must do to ensure they comply. A rules-based approach requires strict adherence to precise rules with little allowance for interpretation. It is typically inflexible and may result in a tick-box exercise.

Principles-based – principles-based regulations focus on the spirit of the rules and, therefore, the types of behaviour and outcomes. Unlike the rules-based approach, it is not about blindly following the rules. A principles-based approach acts as a fundamental source of guidance on how firms and individuals are expected to act. How individuals and firms ensure they comply with the regulations, and to what extent the principles are met, is their own responsibility.

A rules-based approach must be sufficiently detailed in order to provide a reliable distinction between right and wrong. Maintaining a comprehensive rules-based model is challenging, particularly in evolving markets with an increase in the use of technology, and a wider range of products and assets.
A broader and more complicated market requires a larger body of rules which take into account evolving business activities. The challenge faced by regulators with a principles-based approach is ensuring that firms apply consistent interpretations to their implementation of the principles.

Some firms and compliance officers prefer a rules-based approach because they know exactly what is expected of them, and they cannot be challenged or criticised as long as they strictly follow the rules. Others prefer a principles-based approach because it provides scope for innovation and the freedom to develop services and business models within the framework of the principles.

The success of a principles-based approach depends on firms and individuals making the right decisions. Strong ethical standards, often set by professional bodies like the Chartered Institute for Securities & Investment (CISI), play a key role in a principles-based regulatory environment (see chapter 4, Ethics, Integrity and Fairness).

Since 2001, the UK’s financial regulators have applied a combination of principles- and rules-based approaches. The Financial Conduct Authority (FCA) has actively reduced prescriptive rules by adopting a more principles-based approach. One of the results of the 2008–09 financial crisis is that principles-based decision making is deemed to have failed, leading to a greater focus on the specific outcomes expected by rules-based regulation. The demand for stricter rules is a natural political reaction to a crisis, and principles-based decision making will remain important.

1.4 Models of Self-Regulation

Learning Objectives
1.1.4 Understand models of self-regulation
1.1.5 Understand the regulation of faith- and ethical-based finance and the attendant regulatory implications

Self-regulation is a situation in which groups or industries mutually agree the rules that will govern their own collective behaviours.
It exists in addition to laws or regulations established by governments or regulatory bodies. In some cases, self-regulation develops because there is no regulation in place. While self-regulation measures must operate within the parameters of national laws, strong self-regulation can reduce the need for, or extent of, state regulation.

In the financial sector, self-regulation is typically a unique combination of private interests with government oversight, which has delivered an effective and efficient form of regulation for the complex and dynamic environment. As stated in a report by the International Organization of Securities Commissions (IOSCO) on Objectives and Principles of Securities Regulation: ‘Self-regulatory organisations (SROs) can be a valuable component to the regulator in achieving the objectives of securities regulation’.

The adoption of self-regulation differs from country to country, across market sectors and across developed and emerging markets. Where its role is significant, it is almost always the result of a long track record of responsible behaviour under the oversight of statutory regulators. That relationship with statutory regulators has permitted SROs to contribute to the quality of regulation and to the content of policy in the public interest.

The broad objectives of self-regulation in financial markets are the same as those identified for government regulation in the IOSCO Objectives and Principles of Securities Regulation to:

• preserve market integrity (fair, efficient and transparent markets)
• preserve financial integrity (reduce systemic risk), and
• protect investors.

Many different forms of self-regulation currently exist for financial markets to achieve these objectives such as:

• industry SROs
• exchange self-regulatory frameworks, and
• private associations.

All of these define and encourage adherence to standards of best practice among their participants.
Self-regulation typically focuses on oversight of the market itself, qualification standards for market intermediation and oversight of the business conduct of intermediaries. Business conduct of intermediaries includes their relationship with their client market users. A single SRO may be responsible for all of these tasks, or they may be divided or shared among SROs within a given country or market sector.

Some approaches may be applied purely within the organisation, such as ethical-based finance. A firm may hold strong principles that guide its investment policies (eg, avoidance of sectors such as weaponry or tobacco). A firm might also choose to market itself according to ethical positions because it meets their values, or to attract certain customers. While there may be no specific independent party overseeing such practices, a firm that publicly takes a moral position must ensure its reputation is secure.

1.4.1 Key Elements of an Effective Self-Regulatory Model

The elements which contribute to an effective self-regulatory model include the following:

• Industry-specific knowledge – important given the complexity of markets and products.
• Industry motivation – business incentive to operate a fair, financially sound and competitive marketplace. Reputation and competition are powerful motivating forces for sustained behaviour.
• Contractual relationship – this can go beyond national boundaries and require ethical standards that go beyond government regulations.
• Transparency and accountability – an SRO’s compliance programme should be transparent and accountable to ensure that SROs follow professional standards of behaviour on matters including confidentiality and procedural fairness. Such transparency can occur in different ways, including making SRO rules accessible to the public in printed or digital form, and by publicising significant disciplinary actions taken by an SRO and through educational outreach programmes.
The inclusion of both public representatives and industry professionals on an SRO’s governing body and public participation in deliberations pertaining to regulatory policy and rulemaking can also provide the foundation for an open organisation. In some jurisdictions, SROs prepare regulatory plans that are submitted to their statutory regulator and made available to the public. These regulatory plans describe the SRO’s regulatory objectives, activities for the year, and a cost forecast.

• Flexible SRO compliance programmes – self-regulatory bodies are generally able to modify their rules quicker than government agencies. This is due to their experience and expertise in the industry, their size, and because they are not subject to the more rigid requirements typically imposed on the rulemaking process of statutory regulators.
• Coordination and sharing information – coordination and information sharing between markets is important to address cross-market issues. A coordinated approach is necessary to address potential market abuse or systemic risk concerns that may impact more than one market.

In 2000, a report by IOSCO’s SRO Consultative Committee (Model for Effective Regulation) indicated that an SRO’s common regulatory practices and objectives should include:

• enforcing rules and regulations through investigations and disciplinary action
• conducting financial/operations and sales practice examinations
• conducting fitness screening for access to marketplace
• handling customer complaints
• having surveillance programmes to detect improper conduct
• sharing information and cooperating with other SROs, and
• providing a dispute resolution forum.

An integral component of many SRO compliance programmes is the development of guidebooks and other educational materials to help their members meet their regulatory responsibilities.

An example of self-regulation is the use of the International Swaps and Derivatives Association (ISDA) Master Agreement.
ISDA is a membership association established in 1985 with the aim of fostering a safe and efficient derivatives market to facilitate effective risk management for all users of derivatives products. Members of ISDA agree to use the ISDA Master Agreement and associated documentation as a basis for derivative transactions. Members benefit from the netting provisions, which enable firms to net their exposures with each other. As a result, the transactions are legally treated as a single transaction with a single net value.

1.4.2 Islamic Finance Adoption of Self-Regulation

Some forms of self-regulation are established to reflect wider principles, for example, principles associated with religious observance. An example of faith- and ethical-based regulation is the Islamic finance industry, which is regulated by a combination of self-regulatory bodies and statutory regulation in the countries in which they operate.

Islamic commercial and financial ethics stem from the principles of Shariah (also referred to as Islamic law) which includes the major prohibitions of riba (interest), gharar (unnecessary uncertainty) and maysir (gambling). All values, standards and rules structuring Islamic commercial and financial ethics are outlined in Shariah, which is best characterised as a framework providing legal, moral and spiritual guidance aimed at achieving the goals of Islam.

Similar to other financial institutions, Islamic financial institutions are authorised and supervised by the regulatory authority in their country of incorporation. In addition, the following two self-regulating bodies have been established:

• The Accounting and Auditing Organization for Islamic Financial Institutions (AAOIFI).
• The Islamic Financial Services Board (IFSB).

AAOIFI is an autonomous body responsible for the formulation and issuance of accountancy, auditing ethics, governance and Shariah standards for the international Islamic banking and finance industry.
The standards have been developed to encourage the harmonisation of Islamic banking and finance practices, and to ensure transparency and uniformity of financial reporting by Islamic banks and financial institutions.

The IFSB is an international standard-setting organisation with a mission to promote and enhance the soundness and stability of the Islamic financial sector by issuing global prudential standards and guiding principles for the industry, broadly defined to include banking, capital markets and insurance sectors. The IFSB standards are mainly based on the identification, management and disclosure of risks relevant to Islamic products and operations.

Full members of the IFSB are typically central banks in countries where Islamic financial institutions are incorporated. These countries are invited to apply the (optional) IFSB standards in order to provide a comparable regulated environment for the Islamic financial sector. The standards are mandatory in some countries, such as Bahrain and Sudan, and are used as guidelines in others.

From the perspective of financial institutions, Shariah compliance can be achieved in various ways including by adopting national regulation, or by the voluntary adoption of Shariah-compliant standards through the directives and resolutions of the firms’ internal Shariah boards.

1.5 Extra-Territorial Reach of Legislation

Learning Objective
1.1.6 Understand the purpose of the following:

• Data Protection, eg, GDPR
• Tax Reporting, eg, CRS, FATCA
• Banking Reform, eg, ICB, Dodd-Frank
• Market Integrity, eg, MiFID II, MiFIR, MAR, EMIR, PSD2, Sarbanes Oxley, CSDR
• Financial Crime, eg, UK Bribery Act, FCPA, AMLD

As the financial sector is international, many regulations and laws have application beyond national borders. Compliance officers need to be aware and understand the potential impact of such legislation.

The regulations outlined in the remainder of this section are EU regulations which are implemented across the EU by individual member states.
These also form the basis for the implementation of similar rules in countries outside the EU, amended to cater for specific local circumstances. The UK, for example, has adopted the main provisions of EU financial laws into UK legislation since its withdrawal from the EU on 1 January 2021. However, the UK has also made changes, such as the lowering of the age of consent for GDPR from 16 to 13 years, and the exemption from the MiFID inducement rules for research on SME issuers. Other deviations may happen over time.

1.5.1 Data Protection (GDPR)

The EU General Data Protection Regulation (GDPR) was enforced on 25 May 2018 and replaced the Data Protection Directive. The GDPR is designed to harmonise data privacy laws across Europe to protect EU citizens from privacy and data breaches in an increasingly data-driven world that is vastly different from the time in which the 1995 directive was established. Although the key principles of data privacy still hold true to the previous directive, many changes have been proposed to the regulatory policies; the key points of the GDPR, as well as information on the impacts it will have on business can be found below.

Increased Territorial Scope (Extra-Territorial Applicability)

The biggest change to the data privacy regulations due to GDPR is the extended jurisdiction. GDPR applies to all companies processing the personal data of data subjects residing in the European Union (EU), regardless of the company’s location. Previously, territorial applicability of the directive was ambiguous and referred to as data processing 'in context of an establishment'. This topic has arisen in a number of high-profile court cases. The GDPR makes its applicability very clear – it will apply to the processing of personal data by controllers and processors in the EU, regardless of whether the processing takes place in the EU or not.
The GDPR also applies to the processing of personal data of data subjects in the EU by a controller or processor who is not based in the EU, where the activities relate to:

• offering goods or services to EU citizens (irrespective of whether payment is required) and
• the monitoring of behaviour that takes place within the EU.

Non-EU businesses processing the data of EU citizens have to appoint a representative in the EU.

Penalties

Under GDPR, organisations in breach of the GDPR can be fined up to 4% of the annual global turnover of the previous financial year or €20 million (UK – £17.5 million), whichever is greater. This is the maximum fine that can be imposed for the most serious infringements, eg, not having sufficient customer consent to process data or violating the core of privacy by design concepts. There is a tiered approach to fining, eg, a company can be fined 2% for not having their records in order (Article 28), not notifying the supervising authority and data subject about a breach or not conducting impact assessment. It is important to note that these rules apply to both controllers and processors – meaning 'clouds' are not exempt from GDPR enforcement.

Consent

The conditions for consent have been strengthened, and companies are no longer able to use long illegible terms and conditions full of legalese. The request for consent must be given in an intelligible and easily accessible form, with the purpose for data processing attached to that consent. It must be clear and separate from other matters using clear and plain language. It must be as easy to withdraw consent as it is to give it.

Data Subject Rights

Breach Notification

Under GDPR, breach notification is mandatory in all member states where a data breach is likely to 'result in a risk for the rights and freedoms of individuals'. This must be done within 72 hours of first having become aware of the breach.
Data processors are required to notify their customers, the controllers, 'without undue delay' after first becoming aware of a data breach.

Right to Access

Part of the expanded rights of data subjects outlined by the GDPR is the right for data subjects to obtain from the data controller confirmation as to whether or not their personal data is being processed, where and for what purpose. Furthermore, the controller must provide a copy of the personal data, free of charge, in an electronic format on request.

Right to be Forgotten

Also known as 'data erasure', the right to be forgotten entitles the data subject to have the data controller erase their personal data, cease further dissemination of the data, and potentially have third parties halt processing of the data. The conditions for erasure, as outlined in Article 17, include the data no longer being relevant to the original purpose for processing, or a data subject withdrawing consent. It should also be noted that this right requires controllers to compare the subjects' rights to 'the public interest in the availability of the data' when considering such requests.

Data Portability

The GDPR has introduced data portability – the right for a data subject to receive the personal data concerning them, which they have previously provided in a 'commonly used and machine-readable format' and have the right to transmit that data to another controller.

Privacy by Design

Privacy by design as a concept has existed for years now, but has become part of a legal requirement with the GDPR. At its core, privacy by design calls for the inclusion of data protection from the onset of the designing of systems, rather than as an addition. More specifically: 'The controller shall...implement appropriate technical and organisational measures...in an effective way...in order to meet the requirements of this Regulation and protect the rights of data subjects'.
Article 23 calls for controllers to hold and process only the data absolutely necessary for the completion of its duties (data minimisation), as well as limiting the access to personal data to those needing to carry out the processing.

Data Protection Officers (DPOs)

Under GDPR, notifications/registrations no longer need to be submitted to each local Data Protection Authority (DPA) of data processing activities. It is also no longer a requirement to notify/obtain approval for transfers based on the model contract clauses (MCCs). Instead, there are internal record-keeping requirements, as further explained below, and the appointment of a data protection officer (DPO) is mandatory only for those controllers and processors whose core activities consist of processing operations which require regular and systematic monitoring of data subjects on a large scale or of special categories of data or data relating to criminal convictions and offences.

Importantly, the DPO:

• must be appointed on the basis of professional qualities and, in particular, expert knowledge on data protection law and practices
• may be a staff member or an external service provider
• contact details must be provided to the relevant DPA
• must be provided with appropriate resources to carry out their tasks and maintain their expert knowledge
• must report directly to the highest level of management, and
• must not carry out any other tasks that could result in a conflict of interest.

1.5.2 Banking Reform

Independent Commission on Banking (ICB)

The Independent Commission on Banking (ICB) was a UK government inquiry set up to investigate structural and related non-structural reforms to the UK banking sector to promote financial stability and competition in the wake of the financial crisis of 2007–08. The ICB was established in June 2010 and produced their recommendations in September 2011.
The consequences of their findings and recommendations are far-reaching and have resulted in UK banks ring-fencing their retail operations from the investment banks to safeguard the retail banks from the riskier activities. The ICB recommendations have been implemented as of 1 January 2019, effectively creating separate legal entities for retail and investment banking activities.

Dodd-Frank

The Dodd-Frank Act is the result of a proposal by President Obama in June 2009 for a: ‘sweeping overhaul of the United States financial regulatory system, a transformation on a scale not seen since the reforms that followed the Great Depression’.

The Dodd-Frank Act includes:

• consolidation of regulatory agencies, elimination of the national thrift charter, and a new oversight council to evaluate systemic risk
• comprehensive regulation of financial markets, including increased transparency of derivatives (bringing them on to exchanges)
• consumer protection reforms including a new consumer protection agency and uniform standards for ‘plain vanilla’ products as well as strengthened investor protection
• tools for financial crises, including a ‘resolution regime’ complementing the existing Federal Deposit Insurance Corporation (FDIC) authority to allow for an orderly winding down of bankrupt firms, and including a proposal that the Federal Reserve receive authorisation from the Treasury for extensions of credit in ‘unusual or exigent circumstances’, and
• various measures aimed at increasing international standards and cooperation – included in this section were proposals related to improved accounting and tightened regulation of credit rating agencies.

The objective of the Dodd-Frank Act is to promote the financial stability of the US by improving accountability and transparency in the financial system, to end ‘too big to fail’, to protect the American taxpayer by ending bailouts, to protect consumers from abusive financial services practices, and for other purposes.
The Act has changed the existing regulatory structure, by creating a number of new agencies, whilst merging and removing others in an effort to streamline the regulatory process, increase oversight of specific institutions regarded as a systemic risk, amend the Federal Reserve Act and promote transparency.

The Act:
- established rigorous standards and supervision to protect the economy and American consumers, investors and businesses
- ended taxpayer-funded bailouts of financial institutions
- provided for an advanced warning system on the stability of the economy
- created rules on executive compensation and corporate governance, and
- eliminated the loopholes that led to the economic recession.

The new agencies are granted explicit power over a particular aspect of financial regulation which may have been transferred from an existing agency. All agencies need to report to Congress on an annual (or biannual) basis, presenting the results of current plans and to explain future goals.

Prior to the passage of the Dodd-Frank Act, investment advisers were not required to register with the Securities and Exchange Commission (SEC) if they had fewer than 15 clients during the previous 12 months and did not hold themselves out generally to the public as an investment adviser. The Dodd-Frank Act has eliminated that exemption. Certain non-bank financial institutions are now supervised by the Federal Reserve in the same manner and to the same extent as if they were a bank-holding company.

To enhance the regulatory system, changes have been proposed to existing agencies, including new powers and the transfer of powers to and from them. The institutions affected by these changes include most of the regulatory agencies currently involved in monitoring the financial system (eg, the FDIC, the SEC, Comptroller of the Currency, the Federal Reserve and the Securities Investor Protection Corporation (SIPC)).
The Act impacts all US federal financial regulatory agencies and has eliminated the Office of Thrift Supervision, creating two new agencies: the Financial Stability Oversight Council (FSOC) and the Office of Financial Research (OFR). In addition, the Act has introduced several consumer protection agencies, including the Bureau of Consumer Financial Protection.

1.5.3 Market Integrity

Markets in Financial Instruments Directive (MiFID II) and the Markets in Financial Instruments Regulation (MiFIR)

Markets in Financial Instruments Directive (MiFID) is a European Union (EU) directive introduced in 2007. MiFID II, the updated version, came into force on 3 January 2018. Markets in Financial Instruments Regulation (MiFIR) is the associated regulation.

One of the key aims of MiFID is to provide investor protection rules across the whole European Economic Area (EEA). Investor protection is ensured by the:
- obligation to obtain the best possible result for the client
- information disclosure requirements
- client-specific rules on suitability and appropriateness of financial products, and
- rules on inducements.

As a general principle, MiFID places significant importance on the fiduciary duties of firms. It established a general obligation for firms to act in the client’s best interest, placing a fiduciary duty on firms to put their client’s interests ahead of the firm’s interest.

Passporting

MiFID supports two key policy goals of the EU. These are:
- extending the range of investment services for which a firm can obtain an EU ‘passport’ (ie, obtaining authorisation in one EU state – the home state – enabling a firm to provide investment services in another EU member state – the host state – without requiring any further local authorisations), and
- removing a major hurdle to cross-border business by no longer applying ‘host state’ rules to incoming passported firms.
The range of investment services passportable under MiFID includes:
- receipt and transmission of orders in relation to one or more financial instruments
- execution of orders on behalf of clients
- dealing on own account
- portfolio management
- investment advice
- underwriting of financial instruments and/or placing of financial instruments on a firm commitment basis
- placing of financial instruments without a firm commitment basis, and
- operation of multilateral trading facilities (MTFs).

The directives are binding on member states in terms of the result to be achieved but provide individual countries with the flexibility to implement the rules in their own national legal systems as they see fit. In the UK, for example, when implementing EU regulations, the FCA conducts a cost/benefit analysis on the implementation to assess the most appropriate way to proceed. Areas for consideration include:
- ensuring that market innovation is not stifled
- protecting and, where possible, enhancing the international character of the UK’s financial markets, and
- considering the impact of any regulation on the competition.

Prior to making any changes, the FCA publishes the proposed rules and guidance in draft for consultation. Consultation papers (CPs) are the formal means by which this consultation takes place. Discussion papers (DPs) are preliminary and informal discussion-stimulating papers. These papers give the various representative industry bodies an opportunity to respond to the proposals from the perspective of their impact on the risk management and control frameworks of their member firms. Once the consultation is concluded, the FCA takes into consideration all responses and issues a policy statement (PS), which details the decided policy and contains the feedback from the formal consultation.

As EU regulatory institutions gain more power, they have produced more detailed rules to support the implementation of EU directives.
As a result, the ability of national regulators to interpret the directive differently and, therefore, the scope for regulatory arbitrage is reduced. Choosing a location because of a more lenient local interpretation of the directive is no longer an option. MiFID II is an example of increased standardisation, as it is aimed at standardising areas such as product governance, suitability and appropriateness, and the disclosure of costs and charges.

Market Abuse Regulation (MAR)

The EU Market Abuse Regulation (MAR) came into force on 3 July 2016. It applies to:
a. financial instruments admitted to trading on a regulated market or for which a request for admission to trading on a regulated market has been made
b. financial instruments traded on an MTF, admitted to trading on an MTF, or for which a request for admission to trading on an MTF has been made
c. financial instruments traded on an organised trading facility (OTF), and
d. financial instruments not covered by points (a), (b) or (c), the price or value of which depends on or has an effect on the price or value of a financial instrument referred to in those points, including, but not limited to, credit default swaps and contracts for difference.

MAR includes behaviour or transactions, including bids, relating to the auctioning on an auction platform authorised as a regulated market of emission allowances or other auctioned products based thereon, including when auctioned products are not financial instruments.

MAR incorporates the following European Securities and Markets Authority (ESMA) guidelines:
- Inside information of commodity derivatives, including that information which is reasonably expected or required to be disclosed on relevant commodity derivative and spot markets.
- Delay disclosure of inside information.
- Market soundings detailing the factors, steps and appropriate records required to be taken into consideration when information is disclosed as part of the sounding regime.
MAR includes the requirements for disclosure of emission allowances, and the need to maintain an insider list for emission allowances, market participants and parties involved in relevant auctions.

Inside information is information that would be likely to have a significant effect on the price of financial instruments or issuers if it were to be made public. Financial instruments include spot commodity contracts, emission allowances, and related auction products. The use of inside information to execute a transaction, or to amend or cancel an existing transaction constitutes insider dealing. In addition, persons who possess inside information are prohibited from using that information to (or attempt to) deal in financial instruments or to recommend or induce another person to transact on the basis of inside information. Firms need to maintain a register of insiders.

Issuers and emission allowance market participants (EAMPs) need to publicly disclose any inside information which has been (in)directly made available to them as soon as possible. Disclosure may be delayed if it is in the interest of financial stability. The appropriate financial regulator needs to be informed immediately after the decision to delay the disclosure of inside information has been made. A firm does not have to provide a written explanation of how the conditions for delayed disclosure are met but will need to keep appropriate records which will have to be made available to the regulatory authority on demand.

MAR introduces a framework to make legitimate disclosures of inside information in the course of market soundings. A market sounding is a communication or information that is disclosed to one or more investors prior to the announcement of a transaction. The purpose of a market sounding is to assess the interest of potential investors in relation to the transaction, potential size, and pricing.
Market manipulation covers any activity that gives or may give false or misleading signals about the demand, supply, or price of a financial instrument, thus impacting trading in the instrument in a way intended by the person. Market manipulation can take forms such as:
- false or misleading signals resulting from transactions, orders, trades, or any other behaviour
- using fictitious devices or other deceptions likely to affect the price
- false or misleading signals resulting from disseminating information, and
- collaboration to secure a dominant position over demand and supply, creating unfair trading conditions, and other similar behaviours.

Buy-back programmes and stabilisation measures may be exempt from the prohibitions against market abuse. Firms will have to notify their regulatory authority prior to undertaking these transactions.

Persons discharging managerial responsibilities (PDMRs) within issuers or EAMPs, and persons closely associated with them, must notify their regulatory authority and the issuer or EAMP of relevant personal transactions they undertake in the issuer’s shares, debt instruments, derivatives or other linked financial instruments, if the total amount of transactions per calendar year has reached €5,000. The notification must be made public within three business days. In addition, PDMRs are prohibited from conducting certain personal transactions during a closed period.

European Market Infrastructure Regulation (EMIR)

Following the financial crisis, the G20 countries committed to address risks related to the derivatives markets. In order to make that commitment effective, the European Parliament and Council have adopted European Market Infrastructure Regulation (EMIR), a regulation that requires over-the-counter (OTC) derivative contracts to be cleared and derivatives contracts to be reported. EMIR sets the framework to enhance the safety of central counterparties (CCPs) and trade repositories (TRs).
EMIR and the regulation on OTC derivatives, CCPs and TRs, came into force on 16 August 2012. The main obligations under EMIR are:
- central clearing for certain classes of OTC derivatives
- application of risk mitigation techniques for non-centrally cleared OTC derivatives
- reporting to TRs
- application of organisational, conduct of business and prudential requirements for CCPs, and
- application of requirements for TRs, including the duty to make certain data available to the public and relevant authorities.

Payment Services Directive 2 (PSD2)

The Payment Services Directive 2 (PSD2) was introduced into national law of the EU member states on 13 January 2018. In this context, payment services are defined as follows: 'Services enabling cash to be deposited in or withdrawn from, for example, a bank account, as well as all the operations required to operate the account. This can include transfers of funds, direct debits, credit transfers and card payments. Paper transactions are not covered by the directive.'

The aim of the directive is to:
- provide the legal foundation for the further development of a better integrated internal market for electronic payments within the EU
- put in place comprehensive rules for payment services, with the goal of making international payments within the EU as easy, efficient, and secure as payments within a country
- open up payment markets to new entrants leading to enhanced competition, greater choice, and better prices for consumers, and
- provide the necessary legal platform for the single euro payments area (SEPA).

PSD2 improves the existing EU rules for electronic payments incorporating emerging and innovative payment services such as internet and mobile payments. To this end, it sets out rules concerning security requirements, transparency of conditions, and the rights and obligations of users and providers of payment services. PSD2 is complemented by regulation (EU) 2015/751 which caps fees charged between banks for card-based transactions.
This is aimed at reducing the cost for merchants in accepting consumer debit and credit cards.

The PSD2 rules apply to existing and new providers of innovative payment services and seek to ensure that these players can compete on equal terms. This, in turn, will result in greater efficiency, choice and transparency of payment services, while strengthening consumers' trust in a harmonised payments market.

PSD2 opens up the EU payment market to companies offering the following consumer- or business-oriented payments services:
1. Account information services – allow a payment service user to have an overview of their financial status at any time.
2. Payment initiation services – allow consumers to pay by means of simple credit transfer for online purchases whilst assuring the payment is initiated and goods and services can be provided without delay.

Organisations offering account information services need to have professional indemnity insurance as a condition of authorisation.

PSD2 enhances consumer rights including reduced liability for non-authorised payment to €50 (from €150), the unconditional right to refund direct debits in euros and the removal of surcharges for the use of a consumer debit or credit card.

The European Banking Authority (EBA) will develop a central register of authorised payment institutions which will be publicly accessible and maintained by national authorities. In addition, the role of the EBA is to assist in dispute resolution between national authorities, to develop regulatory technical standards on strong customer authorisation and secure communication channels, and to develop cooperation and information exchange between supervisory authorities.

Sarbanes-Oxley (SOX) Act 2002

The US government introduced the Sarbanes-Oxley (SOX) Act in 2002 following a series of financial scandals that began in 2001 with the collapse of major US corporations such as Enron and WorldCom.
SOX includes proposals to improve the financial reporting process and restore investor confidence in the US financial markets, and was passed by Congress in July 2002. At the time, President Bush characterised it as ‘the most far-reaching reforms of American business practices since the time of Franklin Roosevelt’.

The objective of SOX is ‘to protect investors by improving the accuracy and reliability of corporate disclosures’. It applies to US public companies and their global subsidiaries. In addition, it applies to foreign companies with shares listed on US stock exchanges.

What are the Implications of the Legislation?

One of the key sections is Section 404, which lays out the requirement for the management of a US public company to report annually on the operational effectiveness of the company’s internal controls over financial reporting. The company’s auditors must attest to and report on the management’s assertion over the effectiveness of internal financial controls. This section significantly impacts the governance and behaviour of any business with a US listing, including non-US companies, and their global subsidiaries and joint ventures.

Requirements for Auditors

SOX introduced the Public Company Accounting Oversight Board (PCAOB), whose members are appointed by the SEC to oversee auditors and to establish and enforce auditing standards. Key changes can be summarised as follows:
- The PCAOB is required to inspect large accounting firms annually (ie, those that regularly audit more than 100 companies), and to inspect smaller firms every three years.
- The Act authorises the PCAOB to subpoena documents, compel testimony, suspend the right of accounting firms to audit public companies and impose substantial fines.
- In order to address conflicts of interest in firms that both perform audits and provide consulting, auditors are prevented from providing certain non-audit services, and are only permitted to provide other services, such as tax advice, if this is disclosed and approved by the audit committee of the company receiving the advice.
- Auditors have to be appointed by the audit committee of a company’s board of directors rather than by company management and members of the audit committee must be independent of management.
- The lead accounting firm partner on an audit has to be replaced every five years.
- An accounting firm may not audit a company where senior executives previously worked for the firm and participated in the audit within the previous year.

Breaches of the rules are subject to criminal fines and up to ten years in prison.

Reporting Requirements

SOX requires firms to meet the following internal control standards to ensure the accurate reporting of their financial position:
- The chief executive officer (CEO) and chief finance officer (CFO) are responsible for ensuring that internal controls and procedures can provide accurate financial disclosures.
- The controls must ensure that the CEO and CFO are aware of material information.
- Compliance work must be performed on a continual basis to document and attest to the effectiveness of their internal controls.
- Companies, and their auditors, must also report on the effectiveness of these internal controls.

The requirements for the annual internal controls report include the following:
- It should be produced as part of the annual financial accounts.
- It must acknowledge management’s responsibility for establishing and maintaining adequate controls and procedures for financial reporting.
- It must contain an assessment of the effectiveness of the firm’s controls and procedures for the purposes of financial reporting.
Requirements of US Listings

To achieve and maintain US exchange listings, SOX requires a significant change in both management’s reporting responsibilities, and the responsibilities of the independent auditor. In addition to those provisions described above, the Act also covers a number of other corporate governance issues, such as:
- measures to prevent conflicts of interest between securities analysts and investment banks
- the requirement for the CEO and CFO to certify the accuracy of the firm’s annual and quarterly SEC reports; they are then personally responsible for the information
- all off-balance sheet transactions and material relationships must be disclosed
- the company must state whether it has adopted a code of ethics for its senior financial officers
- personal loans to officers or directors are forbidden, and
- greater protection is given for whistleblowers, and retaliation can be punishable with up to ten years’ imprisonment.

The Act also defined the following related crimes:
- Defrauding securities investors – up to 25 years in prison.
- CEOs knowingly signing a false financial statement – fines of up to $5 million and 20 years in prison for wilful violations.
- Obstruction of justice by destroying documents – fines and prison terms of up to 20 years.

Compliance with Section 404 requires that businesses now have to document and attest to the operational effectiveness of a wide range of processes that have an impact upon the accuracy of their annual financial performance and reporting. These include traditional financial processes such as accounts payable and receivables, but also cover those that have an indirect financial impact; for banking and financial institutions these include the processes around the movement of money and customer funds, such as direct debit, cheque clearing and the procedures for opening or closing accounts. To comply with the Act, many businesses documented and tested a larger number of controls.
As part of the SOX requirements, this compliance work must be performed on a continual basis, and firms must document and attest to the effectiveness of their internal controls on an annual basis.

Section 302 of SOX sets out that the CEO and CFO are required to certify that the financial statements and other information that is included in each quarterly report are a true and accurate representation in all material respects.

Central Securities Depository Regulations (CSDR) 2022

The Central Securities Depository Regulations (CSDR) is an EU regulation that came into force in 2014, introducing uniform requirements for the settlement of financial instruments in the EU as well as rules related to the organisation and conduct of central securities depositories (CSDs) to promote safe, efficient, and smooth settlement. It applies to all firms that trade securities in the EU regardless of their location. A CSD is an institution that holds financial instruments including equities, bonds, money market instruments and mutual funds.

A settlement fail is defined as the non-occurrence of settlement or partial settlement of a securities transaction on the intended settlement date, due to a lack of securities or cash and regardless of the underlying cause. Under CSDR, all transactions should be settled on the intended settlement date (at the latest, two business days after the trade date). In addition, it introduces measures to prevent settlement fails, encouraging firms to offer professional clients the mechanism to electronically send confirmations and allocation details using international open communication procedures and standards for messaging and reference data. Straight-through processing (STP) is deemed essential for maintaining timely settlement for high volumes of transactions.

Where possible, settlement fails need to be resolved during the period between the trade date and the intended settlement date.
However, it is recognised that this is not always possible and therefore, the settlement period may be extended and the following steps are introduced:
- Extension period – time between the intended settlement date and buy-in date. Typically four business days, but this may be increased to seven business days based on asset type and liquidity considerations.
- Buy-in period – after the end of the extension period, transactions that continue to fail due to a lack of securities will be subject to a mandatory buy-in process. If buy-in is not possible, for example, due to reduced liquidity, the seller must pay compensation to the buyer in cash.

As of 1 February 2022, phase 3 of the CSDR, the Settlement Discipline Regime (SDR), has come into force, which introduces new cash penalties for settlement fails. Under SDR, penalties are imposed on the market participant responsible for the settlement fail. Market participants may pass on the penalties to their clients if the settlement fail is not the fault of the market participant themselves. The SDR is intended to be an effective deterrent of settlement fails, whilst at the same time incentivising timely settlement.

In the event the settlement fail is caused by a failure to deliver the financial instrument, the penalty rate is based on the type of instrument and is related to the value of the instrument to be delivered. In the event the settlement fail is caused by a lack of cash, the penalty rate is based on the cost of borrowing.

The cash penalties apply to all transactions in transferable securities, money-market instruments, units in collective investment undertakings and emissions allowances admitted to trading on an EEA trading venue (including OTC transactions) or cleared through an EEA central counterparty, regardless of the location of the market participant.
Penalty rates applicable to settlement fails are as follows:

Penalties are calculated by the CSD on a daily basis for each day between the intended and the actual settlement date and are charged to each failing market participant at least monthly. Collected penalties are redistributed by the CSD to market participants impacted by the relevant settlement fail. Settlement fails must be reported to the regulatory authority of the CSD.

1.5.4 Financial Crime

There is no internationally accepted definition of ‘financial crime’. It is generally understood to include the laundering of the proceeds of any crime, terrorist financing, the financing of the proliferation of weapons of mass destruction (WMDs), breaches of financial and trade sanctions, market abuse, and tax evasion.

FSMA broadly defines the term to include ‘any offence involving fraud or dishonesty; misconduct in or misuse of information relating to, a financial market; or handling the proceeds of crime’, and defines the term ‘offence’ as behaviour that ‘includes an act or omission which would be an offence if it had taken place in the UK’, thus expanding the remit of the legislation to include conduct occurring outside the UK.

In the context of global financial compliance, the UK Bribery Act and the Foreign Corrupt Practices Act are of particular importance.

UK Bribery Act 2010

The Organisation for Economic Co-operation and Development (OECD) Convention on Combating Bribery of Foreign Public Officials in International Business Transactions was signed in 1997 and reaffirmed in 2009. It establishes legally binding standards to criminalise the bribery of foreign public officials in international business transactions and provides for a host of related measures to make it effective. It is the first and only international anti-corruption instrument focused on the supply side of the bribery transaction.
The 35 OECD member countries and four non-member countries – Argentina, Brazil, Bulgaria, and South Africa – have adopted the Convention.

The UK Bribery Act 2010 is an example of legislation designed to implement the OECD Convention. The Act created new offences of:
- offering or receiving a bribe (Section 1)
- bribery of foreign public officials (Section 6), and
- a failure to prevent a bribe being paid on an organisation’s behalf (Section 7).

It also provides a defence to the last offence where an organisation can show that it has ‘adequate procedures’ in place.

Section 12 of the Act provides that the courts will have jurisdiction over offences committed in the UK, as well as offences committed outside the UK where the person committing them has a close connection with the UK by virtue of being a British national or ordinarily resident in the UK, a body incorporated in the UK, or a Scottish partnership. In addition, in relation to Section 7 – failure to prevent a bribe – the jurisdiction of the UK courts is extended to foreign commercial organisations.

Only a ‘relevant commercial organisation’ can commit an offence under Section 7 of the Bribery Act. A relevant commercial organisation is defined in Section 7(5) as: ‘a body or partnership incorporated or formed in the UK irrespective of where it carries on a business, or an incorporated body or partnership which carries on a business or part of a business in the UK irrespective of the place of incorporation or formation’. It is up to the courts to determine whether an organisation carries on a business in the UK, taking into account the particular facts in individual cases.

While the Act represents a stronger approach to eradicate bribery across all firms and industries, the financial sector has previously been subject to action.
In 2009, the UK financial services regulator imposed a fine of £5.25 million on insurance company Aon for: ‘failing to take reasonable care to establish and maintain effective systems and controls for countering the risks of bribery and corruption associated with making payments to ‘Overseas Third Parties’ who assisted Aon in winning business from overseas clients, particularly in high risk jurisdictions’.

Case Study

Due to its extraterritorial reach, the UK Bribery Act can have significant impact on foreign companies. A foreign company which carries on any ‘part of a business’ in the UK could be prosecuted under the Bribery Act for failing to prevent bribery committed by any of its employees, agents or other representatives, even if the bribery takes place outside the UK and involves non-UK persons.

For example, a German construction company with a UK subsidiary appoints an intermediary to facilitate business in Africa, and the intermediary pays a bribe to a local official. In some circumstances, the German parent could be liable under the UK Bribery Act for failing to prevent bribery. The Act is engaged simply by virtue of the existence of a UK operation.

Using the same example, the UK subsidiary is itself at risk of prosecution if a person or company associated with it is involved in bribery, as are any German nationals working for the UK subsidiary and, therefore, ‘ordinarily resident’ in the UK, if they are found to have paid or received a bribe. ‘Part of a business’ is not defined in the Act, but even a UK representative office or agent may be sufficient for the purposes of the corporate offence.

Foreign Corrupt Practices Act (1977)

The US Foreign Corrupt Practices Act (FCPA) has had significant impact on the way American firms do business, both in the US and overseas. The FCPA was originally enacted by the US Congress in 1977 and has been revised since.
The provisions of the FCPA make it unlawful for a US person, and certain foreign issuers of securities, to make a corrupt payment to a foreign official for the purpose of obtaining or retaining business for or with, or directing business to, any person. The provisions also apply to foreign firms and persons who take any act in the furtherance of such a corrupt payment while in the US.

In 1977, the International Chamber of Commerce (ICC) published Rules of Conduct to Combat Extortion and Bribery. These rules set out basic measures by which companies can reduce the likelihood of corrupt practices. The OECD Convention on Combating Bribery of Foreign Public Officials in International Business Transactions was signed by the US and 33 other OECD member countries in 1997 and reaffirmed in 2009.

Since 1997, over 400 US companies have admitted to the US SEC that they had made questionable or illegal payments in excess of $300 million to foreign government officials, politicians and political parties. Several US firms have since been convicted in the criminal courts of having paid bribes to foreign officials and have suffered large fines as well as being banned from participating in US federal procurement programmes. In addition, employees and officers have gone to jail.

Firms need to have controls in place to ensure that they know who their customers are (in particular if customers are considered to be politically exposed persons (PEPs)), including the details of the management and ownership of the entities with whom they do business. Firms need to be comfortable that their business is not associated with criminals. The SOX legislation also imposes requirements on firms to disclose instances of fraud as well as reporting annually on their systems of internal control, so compliance with the FCPA helps ensure SOX compliance too.
In order to avoid criminal prosecutions and fines, many firms have implemented detailed compliance programmes to prevent and detect any improper payments by employees or agents, particularly those operating ‘in the field’ in tough emerging markets, where competition and general business practice often mean that rules set at head office are difficult to implement in practice and managers may attempt to circumvent regulations to achieve a sale. Particular controls include:

- due diligence checks on third parties to establish their bona fides at the outset of the relationship but, very importantly, as the relationship continues
- committees with senior executive representation to oversee the risks of bribery and corruption, to receive periodic management information
- detailed training for staff, and
- general monitoring of processes and controls by independent risk, compliance or audit functions.

Any company not implementing comprehensive compliance processes and controls and, in particular, not actively examining the history of its business partners to determine past involvement in fraud or corruption, will have significant difficulties in being able to meet anti-bribery and corruption legislation and regulation. A poor approach to compliance may result in criminal investigations, regulatory fines, restriction of trade and even jail sentences. Clearly, the reputational risk is significant and it is worth ensuring compliance with anti-bribery legislation.

The Foreign Account Tax Compliance Act (FATCA) 2010

Foreign Account Tax Compliance Act (FATCA), enacted by the US in 2010 as part of the Hiring Incentives to Restore Employment (HIRE) Act, is an important development in US efforts to combat tax evasion by US persons holding investments in offshore accounts. Under FATCA, US taxpayers holding financial assets outside the US are required to report those assets to the Internal Revenue Service (IRS).
In addition, FATCA requires foreign financial institutions (FFIs) to report directly to the IRS certain information about financial accounts held by US taxpayers, or by foreign entities in which US taxpayers hold a substantial ownership interest.

Reporting by FFIs

Firms outside the US are not directly subject to US legislation, and so a series of intergovernmental agreements have been entered into so that the US authorities will receive the information they require to improve tax compliance. UK FFIs will report directly to Her Majesty’s Revenue & Customs (HMRC) certain information about the financial accounts held by US taxpayers, or by foreign entities in which US taxpayers hold a substantial ownership interest. An FFI in a country not party to an intergovernmental agreement is expected to register with the IRS.

UK and US Intergovernmental Agreement

The UK and the US have entered into an intergovernmental agreement to improve tax compliance. The agreement also covers the implementation of FATCA on the basis of domestic reporting and reciprocal exchange of information. As a result of the agreement, UK firms are legally bound to report information requested by the US authorities to the UK government.

Anti-Money Laundering Directive (AMLD)

The EU Anti-Money Laundering Directive (AMLD) is an EU legal act and risk-based approach that requires EU-wide risk assessments in combination with national and institutional risk assessments. It covers customer due diligence (CDD) and other requirements on financial institutions and designated non-financial businesses and professions (DNFBPs), in accordance with the Financial Action Task Force (FATF) Recommendations. DNFBPs are non-financial sectors identified to be vulnerable to money laundering abuse, such as lawyers, accountants, real estate agents and some types of businesses that deal in high-value goods. The directive extends the definition of PEPs to also include those in the home country of the institution.
Over time, amendments have been made to the directive to ensure it remains current. The main amendments, in the most recent version (5AMLD), are related to beneficial ownership, removing anonymity on unpaid credit cards, risks of virtual currencies, exchange of information between financial intelligence units (FIUs), additional checks on transactions with high-risk third countries and centralised account registers or retrieval systems. 5AMLD was adopted into European law in April 2018, to be implemented by member countries by October 2020.

Further changes have been incorporated in 6AMLD, which came into force in December 2020, for implementation by 3 June 2021. The main changes are:

- the standardisation of predicate offences and the inclusion of two new predicate offences: cybercrime and environmental crime
- the expansion of crimes that are categorised as money laundering to include aiding and abetting
- increased prison time and financial penalties
- enhanced cooperation between member states, and
- the extension of criminal liability to businesses.

The AMLD is incorporated in law within individual member states.

1.5.5 Common Reporting Standard (CRS) for the Exchange of Financial Information

On 6 May 2014, 47 countries tentatively agreed on common reporting standards (CRSs) to share information on residents’ assets and incomes automatically in conformation with the standard. Until now, the parties to most treaties that are in place for sharing information have shared information upon request, which has not proved effective in preventing tax evasion. The new system is supposed to automatically and systematically transfer all the relevant information. On 29 October 2014, 51 jurisdictions signed an agreement to automatically exchange information based on Article 6 of the Convention on Mutual Administrative Assistance in Tax Matters.

The OECD CRS is a major step towards an internationally coordinated approach to the disclosure of income earned by individuals and organisations.
As a measure to counter tax evasion, it builds upon other information-sharing legislation, such as FATCA and the EU Savings Directive. However, crucially, FATCA is much narrower in scope than the OECD standard for automatic exchange of information (AEoI).

The CRS, formally referred to as the standard for the automatic exchange of financial account information, is, in practical terms, a framework of an information standard for the AEoI, developed in the context of the OECD. The aim of this framework is for jurisdictions to obtain information from their financial institutions (FIs) and automatically exchange that information with other jurisdictions on an annual basis. It sets out the financial account information to be exchanged. The FIs are required to report the different types of accounts and taxpayers covered, as well as the CDD procedures to be followed.

These initiatives involve governments obtaining information from their FIs and exchanging data automatically with other nations. FIs (and other investment entities) will have significant additional reporting responsibilities, in order to disclose details of their account holders, with potential penalties for those unable or unwilling to comply fully.

The legal basis for the exchange of data is the Convention on Mutual Administrative Assistance in Tax Matters and the idea is based on the FATCA implementation agreements. The AEoI consists of two regulations or agreements:

- OECD Competent Authority Agreement (CAA) is the bilateral agreement between jurisdictions that have signed up to the AEoI. The agreement is what allows the competent authorities (in most cases, this is the jurisdiction’s tax authority) to exchange information.
- OECD Common Reporting Standard (CRS) sets out the baseline regulation to be adopted in the jurisdictions that have signed up to AEoI. It sets out who will be reporting, what will be reported and to some degree the format of the reporting.
This could be seen as the minimal requirements for the regulations.

Financial information to be reported includes interest, dividends, account balance, income from certain insurance products and sales proceeds from financial assets. In gathering data, residency or tax residency within a country is the decisive factor, not citizenship. The CRS relies heavily on local anti-money laundering (AML) and know your customer (KYC) requirements, and on self-certification by account holders, although it includes some documentation remediation. The intention is to eventually have a single global standard.

1.6 Exchanges, Multilateral Trading Facilities (MTFs) and Systematic Internalisers (SIs)

Learning Objectives

1.1.7 Understand how regulation operates in an exchange-traded environment
1.1.8 Understand the key benefits of regulated market structures: exchanges; trading venues (multilateral trading facilities and organised trading facilities); systematic internalisers

1.6.1 Exchanges

A large proportion of trades in financial instruments are carried out through established investment exchanges, such as the London Stock Exchange (LSE), the New York Stock Exchange (NYSE) and the Tokyo Stock Exchange (TSE).

Example

An example of an exchange-traded environment is the stock exchange in Singapore operated by Singapore Exchange Ltd (SGX). The exchange is Asia-Pacific’s first demutualised and integrated securities and derivatives exchange, with members including organisations that trade derivatives and securities. The SGX operates the securities and derivatives exchange and the respective clearing houses and securities depository. The SGX performs all steps in the value chain of business – order routing, trading, matching, clearing, settlement and depository functions.
The SGX is responsible for:

- regulating the stock market
- approving applications for listing
- provision and administration of business and listing rules
- supervising admission of members and compliance by listed companies with the listing rules and corporate disclosure policies
- market surveillance and risk management for the clearing of securities and derivatives, and
- overseeing the capital requirements of brokers and investigating brokers as and when it deems necessary.

These responsibilities are typical to investment exchanges.

Exchanges and their operators are normally subject to regulation and supervision by monetary authorities or other regulatory authorities. In Singapore, the Monetary Authority of Singapore (MAS) is the body charged with these responsibilities, while in the UK it is the FCA.

In the UK, any body corporate or an unincorporated association may apply to the FCA for an order declaring it to be a recognised investment exchange (RIE). The FCA will look to establish:

- whether the applicant is ‘fit and proper’ to operate as an exchange
- whether it has sufficient financial resources to properly carry out its activities
- that the applicant is willing and able to share information with the FCA, and to promote and maintain high standards of integrity and fair dealing, including laying down rules for activities on the exchange, and
- that the applicant will record, monitor and enforce compliance with the rules of the exchange.

Exchange operators are expected to take disciplinary action against members, directors, employers and trading representatives, or against any person registered by the exchange.

Disciplinary Actions under an Exchange Environment

Disciplinary action and enforcement penalties are usually determined by a disciplinary committee.
The following actions may be available – either individually or in combination:

- a reprimand
- a fine (usually within limits laid down/agreed by the exchange)
- suspension of the member, or
- expulsion of the member or trading representative.

Where the matter involves a violation of the law, the matter may be referred to the relevant authorities for further action. An appeal process is normally provided so that members of the exchange may appeal to an appeals committee against the decision of the disciplinary committee.

1.6.2 Multilateral Trading Facilities (MTFs)/Systematic Internalisers (SIs)

Multilateral trading facilities (MTFs) are described by the FCA as being any system that brings together multiple parties (eg, retail investors or other investment firms) that are interested in buying and selling financial instruments and enables them to do so. These systems can be operated by an investment firm or a market operator – these allow parties to trade among themselves away from the exchanges. Instruments may include shares, bonds and derivatives. This is done within the MTF operator’s system.

The introduction of MTFs, under MiFID, allowed greater competition to the formalised investment exchanges to be introduced but subject to direct prudential and supervisory oversight by national regulators. Accordingly, MiFID replaced rules in many markets that required trades to be executed at local exchanges. Instead, for example, banks are allowed to act as systematic internalisers (SIs), matching customer orders internally rather than showing these to the market.

SIs, traditionally called market makers, are investment firms who could match ‘buy’ and ‘sell’ orders from clients in-house, providing that they conform to certain criteria. Instead of sending orders to a central exchange such as the LSE, investment banks can match them with other orders on their own book. Examples of such firms are Credit Suisse and UBS.
It should be noted that an SI may only act as an SI for as little as one asset class under MiFID II. Furthermore, ESMA does not have any immediate plans to issue a register of SIs.

SIs are able to compete directly with stock exchanges and automated dealing systems, but they have to make such dealings transparent. They must show a price before a trade is made. After a trade is made, they have to give information about the transaction, just like conventional trading exchanges.

1.6.3 Key Benefits of Regulated Market Structures

The following table highlights the key features and benefits of the various types of trading venue:

1.6.4 Organised Trading Facilities (OTFs)

An organised trading facility (OTF) is a new category of trading venue introduced by MiFID II. It is a multilateral trading system that is not a regulated market or an MTF. Bonds, structured finance products, emission allowances and derivatives can be traded on an OTF, but equities cannot.

As a result of the introduction of OTFs, transactions previously categorised as off-venue now fall under a multilateral trading environment, which increases overall market transparency, reduces the prevalence of opaque market models and products, and increases the quality of price discovery, investor protection, and liquidity. OTFs assist market participants in meeting MiFID II platform-trading obligations for derivatives and provide an additional trading venue for derivatives, CPPs, and TRs that are sufficiently liquid for the trading obligations to apply. Instruments not subject to the trading obligation can be traded on OTFs through market making schemes.

Due to the fact that both are multilateral trading environments, the rules for OTFs and MTFs are the same. The key difference is the ability and requirements of an OTF to use discretion when matching buying and selling interests. The use of discretion must be in line with fair and orderly trading and best execution obligations to clients.
OTFs must establish clear trading rules and processes, including clear and non-discriminatory access rules. OTFs need to have the ability to suspend instruments from trading and maintain resilient systems to facilitate continuity of trading under stressed conditions.

OTFs are subject to the same pre- and post-trade transparency requirements as an MTF, which apply to any order or transaction executed through their systems or under their rules. OTFs will have to publish the details of current bids and offers and the depth of trading interests of those prices. In addition, details of transactions have to be made public as close to real time as is technically possible.

OTFs can operate under any trading protocol as long as it is consistent with fair and orderly trading and the exercise of discretion. Effective arrangements and procedures need to be established and maintained to enable the regular monitoring of compliance by their members. OTFs need to identify, and act upon, breaches of rules, disorderly trading conditions or conduct that may involve market abuse in relation to any transactions undertaken by their members on the OTF’s systems.

OTF operators must use discretion when deciding when to place or remove an order on their OTF, and whether or not to match a specific client order with orders available in the system, subject to best execution obligations.

Investment firms or market operators running an OTF need to ensure client orders are not executed against the proprietary capital of:

- the firm, or
- any entity that is part of the firm’s legal group.

The use of proprietary capital is only permitted for illiquid sovereign debt instruments. An OTF may only engage in matched principal trading if this has been agreed by clients. Matched principal trading is not permitted for derivatives subject to the EMIR-clearing obligation.

The same legal entity cannot operate both an OTF and an SI.
OTFs are prohibited from interacting with an SI if this allows any quotes or orders in the SI to interact. This prohibition also applies to quotes and orders in another OTF where two OTFs are interacting.

1.7 Off-Market Transactions

Learning Objective

1.1.9 Understand how regulation applies to OTC derivatives transactions

OTC derivatives are transactions conducted off-market. Trading in OTC derivatives is opaque due to the fact that they are privately negotiated contracts and consequently any information concerning any one of them is usually only available to the contracting parties.

The financial crisis brought the OTC derivatives market to the forefront of regulatory attention. The near collapse of Bear Stearns in March 2008, the default of Lehman Brothers in September 2008 and the bailout of American International Group, Inc (AIG) in November 2008 highlighted the shortcomings in the functioning of this market. The main observations are summarised below.

Transparency

The financial crisis highlighted a lack of information on positions and exposures of individual firms in OTC derivatives. On the one hand, this lack of information prevents regulators from a timely detection of risks building up at individual institutions and in the system as a whole. It also prevents them from accurately assessing the consequences of a default of a market participant and, therefore, from responding in an appropriate manner should such a default occur (Lehman’s case was a clear demonstration of this). On the other hand, it helps fuel suspicion and uncertainty among market participants during a crisis.

Counterparty Risk

OTC derivative contracts bind counterparties together for the duration of the transaction. Throughout the lifetime of a contract, counterparties build up claims against each other, as the rights and obligations contained in the contract evolve with the underlying that the contract is derived from.
This gives rise to counterparty credit risk, ie, the risk that a counterparty may not honour its obligations under the contract when they become due. Clearing is the function by which these risks are managed over time. It can be carried out centrally, through a CCP, or bilaterally. Although both types of clearing are used in the OTC derivatives market, bilateral clearing is the most used form of the two.

The crisis highlighted that the level of counterparty credit risk related to OTC derivatives was much higher than both market participants and regulators had previously thought. To put it differently, the amount of collateral used to mitigate counterparty credit risk was insufficient. The main reason for this lies in inadequate collateralisation in the part of the market that is cleared bilaterally, either because some market participants are not required to provide collateral to secure their OTC derivatives trades or because of issues related to the risk management processes of those market participants that do provide collateral.

Operational Risk

Between the agreement and the confirmation of the transaction, an OTC derivative follows a number of processing steps. In addition, the transaction is subject to a number of events, such as collateral management and settlement of cash payments, that are inherent in the rights and obligations of the contract.

The OTC derivatives market allows for a high degree of flexibility in defining the economic and legal terms of derivatives contracts, resulting in highly bespoke and complex contracts. These contracts require significant manual intervention in many stages of the processing. This increases operational risk, may lead to legal risk, may limit transparency, and may result in an increase of counterparty credit risk.
Proposed Actions

As a result of the financial crisis, government bodies, like the EU Commission, have identified policy actions to:

- increase transparency of the derivatives market by requiring market participants to report all the necessary information on their OTC derivatives portfolios to a TR or, if that would not be possible, directly to regulators
- require the publication of aggregate position information
- reduce counterparty credit risk and operational risk in trading through the use of CCP clearing for OTC derivatives that meet predefined eligibility criteria and by the setting of specific targets for legal and process standardisation, and
- enhance market integrity and oversight, through the use of a post-trading market infrastructure.

1.8 FinTech

Learning Objective

1.1.10 Understand how regulators approach FinTech products: distributed ledger technology (DLT); cryptoassets; robo-advice, artificial intelligence and big data, regulators' expectations on the compliance function regarding FinTech products

In general terms, financial technology (FinTech) is defined as the use of technology to boost competitive advantage in the financial services sector. Fintech is disruptive in that it allows newcomers in the market to provide financial services in new and innovative ways. Fintech includes innovative mobile solutions, cryptocurrency, and artificial intelligence (AI). New ways of working come with new challenges and require additional governance and regulations to ensure continuing stability of the financial infrastructure.

1.8.1 Distributed Ledger Technology (DLT) and Cryptoassets

Distributed ledger technology (DLT) is the technological infrastructure that allows simultaneous access, validation, and updating across a network spread out over multiple entities or locations. It is commonly referred to as blockchain technology and was first introduced by Bitcoin in 2009. Bitcoin is a cryptocurrency that can be transferred between users without an intermediary.
The change in the technological environment is fast paced and requires a new approach to regulations. Most regulators have set up a regulatory sandbox in which new technology can be trialled. This is a technology neutral approach, aimed at assessing the regulatory requirements for business models and client outcomes arising from the use of the new technologies. Regulations do not focus on the technical details but on implementation. The regulatory sandbox allows the regulator to review the implementation and assess whether new regulations are required or whether existing rules contain sufficient flexibility for firms to use the new technology. Regulators are catching up with these developments and have been introducing new regulations such as the EU rules on cryptomarkets.

The high volatility of cryptocurrency valuations makes them unsuitable for daily use since it means they do not retain purchasing power, and do not encourage spending. Stable coins have been developed in an attempt to offer price stability with the lowest possible level of inflation. They are backed by a reserve asset (eg, US dollar, euro, gold) providing the stability of fiat currencies whilst ensuring the privacy of payments offered by cryptocurrencies.

1.8.2 Robo-Advice

Robo-advice or robo-advisors are digital platforms that provide automated financial planning services with little or no human intervention. A robo-advisor collects information from customers concerning their financial situation, future goals, and risk appetite by means of online surveys. This information is then used as input into an algorithm to provide investment advice.

There is a wide range of robo-advisors in the market, with the quality and customer take-up depending on a number of key characteristics such as:

- ease of account setup
- robust goal planning
- account services
- portfolio management
- security features
- customer services
- level of education, and
- fees.
Robo-advisors mostly use passive indexing strategies, are typically inexpensive and only require a small opening balance. As a result, they are open to a wide range of customers. The industry is expected to grow by 20.11% per year from $987 billion in 2020 to $2,845 billion in 2025.

From a regulatory perspective, robo-advice falls under the same category of services as other financial advice and regulations such as KYC, fair treatment of clients, and suitability of advice. Most global regulators have opted for a sandbox approach providing an environment where new developments can be tested and tried without immediately having to comply with all regulations. This approach is beneficial for both developers and regulators. It provides the opportunity for developers to understand the regulations and what they need to do to comply, and it is beneficial for regulators to have early sight of any new developments so that they can ensure the regulations are fit for purpose.

Robo-advisors generally have to follow the same rules and regulations as human advisors including a requirement to be authorised by the appropriate regulatory authority. In the US, robo-advisors must be registered with the SEC and are subject to the same securities laws and regulations as other broker-dealers. In addition, most are registered with the Financial Industry Regulatory Authority (FINRA), a self-regulation organisation.

1.8.3 Artificial Intelligence (AI) and Big Data

Artificial intelligence (AI) can be applied in financial services in the following ways:

Enhance accuracy of credit scoring using algorithms and large volumes of data from a range of different sources. Due to the absence of bias and judgement, the decision-making process is more rational.

Combatting and preventing fraud and ML by identifying irregular patterns in customer behaviour and suspicious transactions.

Automated trading platforms making recommendations and predictions based on algorithms that assess large volumes of data.
The use of AI reallocates time to customer interaction rather than data analysis and circumvents bias and judgement.

Chatbots to interact with customers applying a combination of AI and big data, addressing the simple, rules-based queries with a transfer to a customer representative for complex queries.

The main advantages of using AI are that it saves time due to the capacity to analyse large amounts of data much faster than a human can, it reduces bias and judgement in decision making, and is self-learning.

Big Data

The term big data refers to larger, complex data sets, particularly from new data sources that can be used to address complex business problems. Big data is higher in volume, variety and velocity, and allows for more complex and complete answers.

1.8.4 Regulatory Expectations

Although Fintech has been around for a while, the roll-out of new technological solutions by financial institutions has accelerated since late 2019 in light of the coronavirus (COVID-19) pandemic to allow banks to continue their operations. Fintech, AI, big data and other technological advances provide financial institutions with significant opportunities to increase customer-focused initiatives, but also present a number of challenges including regulatory expectations.

In the UK, for example, Fintech companies that are considering providing financial services may need to be regulated by the FCA and, for Fintech companies providing payment services, the Payment Systems Regulator. In 2020, the Bank of England (BoE) and the FCA in the UK launched the Artificial Intelligence Public-Private Forum with the aim to further dialogue on AI innovation between public and private sectors.

Regulators expect firms to have appropriate corporate governance in place to manage the deployment of new systems, which includes the following:

Sufficient involvement at board level.

Engagement of risk and compliance functions.
Training and development of staff in general, and board members, risk and compliance functions in particular.

A specific set of Fintech of importance to compliance functions is Regtech, which refers to the management of regulatory processes through technology. The following are recent initiatives in the context of compliance and Fintech:

- Crypto assets and stablecoins – the Financial Stability Board (FSB) has issued recommendations related to risk-proportionate regulation, supervision, and oversight.
- Cyber and data security in relation to cloud services.
- Governance of AI and machine learning solutions.
- Update of the Money Laundering Regulations to incorporate cryptocurrencies and prepayment cards.
- Updated payment services directive.

The main challenges for the compliance function are associated with the speed at which new technology solutions are developed, budget and cost, and uncertainty about regulatory expectations.

2. The International Approach to Regulation

2.1 Jurisdiction of Different Regulators

Learning Objective

1.2.1 Know the jurisdiction of different types of regulators

The responsibilities of international regulatory organisations range from coordination and guidance through to setting cross-border principles and detailed rules.
The following summarises the typical jurisdiction of different types of regulators:

2.2 International Regulatory Organisations and Standard Setting

Learning Objectives

1.2.2 Understand the role of international regulatory organisations: Bank for International Settlements (BIS); Financial Stability Board (FSB); The International Organization of Securities Commissions (IOSCO); European regulatory bodies: The European System of Financial Supervision (ESFS)/European Supervisory Authorities (ESAs)/The European Systemic Risk Board (ESRB); US Securities and Exchange Commission (SEC)
1.2.3 Know the role that professional bodies play in relation to regulatory requirements
1.2.4 Understand how international regulatory organisations aid the implementation of regulation in developing countries
1.2.5 Know the three objectives of securities regulation as defined by IOSCO

2.2.1 Bank for International Settlements (BIS)

Established in 1930, the Bank for International Settlements (BIS) serves as a central bank for central banks and fosters international monetary and financial cooperation. Its customers are central banks and international organisations. The BIS does not accept deposits from, or provide financial services to, private individuals or corporate entities. The BIS is headquartered in Basel, Switzerland.

The regulatory guidelines produced by the BIS do not automatically have any force in national or international law. Countries around the world that choose to implement them do so by making changes to their own legal and regulatory processes. The International Banking Federation (IBFed), incorporated in 2004, facilitates this effort. IBFed’s members are drawn from the banking associations of Australia, Canada, China, Europe, India, Japan and the US. These countries represent 700 of the world’s top 1,000 banks, and every major financial centre.
Their global reach enables IBFed to function as the key international forum for addressing legislative, regulatory and other issues of interest to the global banking industry. For countries that are required to implement international laws through membership of a trading bloc or political union, an extra layer of complexity exists when implementing the BIS regulation since the union or bloc’s laws may not be the same as the BIS requirements. The BCBS is part of the BIS and provides a forum for international cooperation on bank regulatio
