EMEA Centre for Regulatory Strategy in Financial Services UK
- Select a blog category
On 6 October 2016, the European Banking Authority (EBA) launched a consultation on its draft “Guidelines on Information and Communication Technology (ICT) Risk Assessment” (the Guidelines) under the Supervisory Review and Evaluation Process (SREP). The consultation runs until 6 January 2017.
On 28 September the Financial Conduct Authority (FCA) released a Policy Statement setting out its final rules on regulatory references under the Senior Managers and Certification Regime (SMCR). The Policy Statement is relevant for deposit-takers, Prudential Regulation Authority (PRA) investment firms, insurers, solvency II insurers and non-directive insurers and will be of particular interest to those individuals who seek regulatory approval to perform a Senior Management Function (SMF); a Significant Insurance Management Function; an FCA controlled function or a Significant Harm Function (SHF).
‘Our implementation proposals do not mean significant changes to CASS as MIFID II is broadly aligned. We therefore think firm impact will be small’ – FCA, MIFID II Implementation – Consultation paper II CP16/19.
Senior Managers and Certification Regime | Changes to Functions, Responsibilities and Scope of Conduct Rules
On 28 September, the Prudential Regulation Authority (PRA) and Financial Conduct Authority (FCA) issued a suite of publications setting out a number of proposed amendments and optimisations to the Senior Managers and Certification Regime (SMCR) for banking firms. In addition to providing feedback on firms’ grandfathering submissions they introduce a number of changes which will impact existing Senior Manager Function holders (SMFs).
Following the entry into force of the revised Payment Systems Directive (PSD2) on 12 January 2016, in August the European Banking Authority (EBA) published the draft regulatory technical standard (RTS) to define how, in practice, Access to Accounts for Third Party Providers (TPPs) 1 and enhanced security and authentication requirements, two key pillars of the directive, will be implemented.
On 14 September, the EU Parliament voted to reject the EU Commission’s Delegated Regulation on the Packaged Retail and Insurance-based Investment Products Regulation (PRIIPs). This is the first time that the EU Parliament has formally rejected technical rules on financial services legislation. The Delegated Regulation, based on the final draft Regulatory Technical Standards (RTS) prepared by the European Supervisory Authorities (ESAs), dated 31 March 2016, was rejected as “so flawed and misleading that it could actually lose [retail investors] money”. MEPs overwhelmingly passed the resolution rejecting the RTS (by 602 votes to 4, with 12 abstentions), calling for the EU Commission to submit a new RTS taking into account the EU Parliament’s concerns about the text. The Parliament also called on the EU Commission to postpone the application date of PRIIPs.
As is now customary, the Financial Stability Board (FSB) published a slew of reports ahead of the G20 Leaders’ Summit in Hangzhou. These documents included a second progress report, published on 1 September, on measures to reduce misconduct risk in financial services. This follows a workplan agreed in May 2015, and a first progress report in November 2015. The latest report describes progress made since the end of 2015.
Firms subject to Senior Managers and Certification Regimes (SMCR) are obligated to capture, assess, and report breaches of Conduct Rules by individuals who are in scope of the rules. Holding individuals to account is a core concept of the new regime.
The Financial Conduct Authority (FCA) has published its further consultation paper on the future of payment protection insurance (PPI) complaints. CP 16/20 adds further detail to the regulator’s plans to bring the ongoing issues raised by the historic sales of PPI to an orderly close, with a final date for making new complaints now estimated for June 2019.