Earlier this year, we highlighted that the regulatory agenda was growing and advancing, in response to and despite the pandemic. The latest outputs from the European Commission and ESMA underline the sheer scale and pace of regulatory change over the next couple of years.
We will discuss this theme for the financial services industry at large in this month's edition of KPMG Regulatory Horizons. The key points for investment managers, wealth managers, funds and distributors are summarised below. Investment managers will also be impacted by work on capital markets issues, including the wider MiFID II/MiFIR review, market abuse, EMIR, central securities depositaries, trade repositories, data reporting service providers and benchmarks. And some firms will be caught by changing requirements for listed companies and corporate reporting.
The overall message is that regulators and supervisors have set themselves, and therefore regulated firms, an agenda of vast scale and fast pace, to move the industry through recovery to a new reality.
Questions for CEOs
Is our management of information and communications technology (ICT) risks aligned with our business strategy? How well do we manage our ICT systems and tools? How effective is our oversight of third-party ICT providers?
How effective are our business continuity arrangements and risk management processes? Do they ensure continuity and regularity in the performance of investment services and activities?
Have we undertaken a thorough review of all aspects of our liquidity management framework? Can we evidence how we monitor investor behaviour in times of stress and what we do to mitigate potential issues? Are we enhancing our stress testing scenarios?
Are our product governance arrangements fit-for-purpose, aligned to regulatory expectations, robustly and objectively challenged, and delivering good customer outcomes?
What is our process for setting, minimising and monitoring costs and charges? Can we evidence good value for investors?
Are we preparing sufficiently quickly and fully to meet EU regulatory expectations on the incorporation of sustainability factors in our investment process, product governance, disclosures and remuneration policy?
Capital markets recovery package
The Commission's capital markets recovery package contains several measures, including changes to MiFID II, of which three are of direct relevance to investment managers:
- Reducing the amount of information provided to non-retail clients (including exemption of best execution reports and costs and charges reporting).
- Dis-applying the product governance requirements to simple products, even for retail clients.
- Introducing exceptions from the investment research rules in relation to small- and medium-sized enterprises and fixed income.
The amendments are expected to be adopted by end-2020, and the Commission is expected to produce a more comprehensive MiFID II review proposal in Q3 2021, at the earliest. Meanwhile, ESMA continues to issue consultations and review reports.
Digital finance package
This wide-ranging package aims to enable and support the potential of digital finance in innovation and competition, while mitigating the risks. It comprises a Digital Finance Strategy, draft regulations on digital operational resilience (DORA) and on markets in crypto-assets (MiCA), consequential amendments to existing legislation and a pilot regime on market infrastructure based on distributed ledger technology (DLT).
The long list of actions under the Digital Finance Strategy include: harmonised rules on customer onboarding in 2021; an interoperable cross-border framework for digital identities; an oversight framework for critical third-party ICT providers, such as cloud service providers; clarity on how financial services rules should apply to artificial intelligence (AI) applications; an open finance framework; and protections for digital finance customers.
A new digital operational resilience regulation (DORA) will establish a comprehensive framework for all regulated financial institutions. It will streamline and upgrade existing financial legislation, create more coherent and consistent incident reporting mechanisms and introduce new requirements where gaps exist, with the aim of:
- Better aligning firms' business strategies and the conduct of ICT risk management, thereby improving overall management of ICT risks and ensuring that firms can assess the effectiveness of their preventive and resilience measures and identify ICT vulnerabilities.
- Harmonising and streamlining reporting of ICT-related incidents, and increasing supervisors' knowledge of threats and incidents by enabling them to access relevant information.
- Applying testing requirements proportionately, depending on a firm's size, business and risk profile.
- Strengthening firms' oversight and ensuring sound monitoring of third-party ICT providers better to manage risks stemming from dependency on them.
- Raising awareness of ICT risk and minimising its spread through information-sharing, including allowing firms to exchange cyber threat information and intelligence.
MiCA will clarify the application of existing rules to crypto-assets and introduce a harmonised legal framework for crypto-assets not covered by existing rules, including authorisation, capital requirements, conflicts of interest, governance, custody of reserve assets, complaints handling etc.
Amendments to existing regulations include:
- UCITS, AIFMD and Institutions for Occupational Retirement Provision Directive (IORPD II) will refer to DORA as regards management of ICT systems and tools.
- MiFID II will refer to DORA, with amended provisions relating to continuity and regularity in the performance of investment services and activities, effective business continuity arrangements and risk management.
- The definition of financial instrument under MiFID II will be amended to clarify beyond legal doubt that such instruments can be issued via DLT.
ESMA's work programme
ESMA's programme (PDF 608 KB) for 2021 is set against a changing landscape, including “movement of the regulatory cycle towards supervision and enforcement” and a continued need to develop EU capital markets, “reinforced by the fact that the largest capital market has left the EU”. Activities relate to:
- developing a large retail investor base to support Capital Markets Union.
- promoting sustainable finance and long-term oriented markets.
- dealing with the opportunities and risks posed by digitalisation.
- strengthening the EU's role in global capital markets.
- ensuring a proportionate approach to regulation.
Much of the programme will directly or indirectly impact investment managers and investment funds:
- The common supervisory action (CSA) on liquidity management by UCITS will continue in 2021. ESMA will also consider experience in the use of liquidity management tools during the high market volatility caused by COVID-19 to assess whether any further convergence work is needed.
- Follow-up work on the cost and performance of retail investment products, including proper implementation of the 2020 guidance on performance fees and briefing on the supervision of costs, and possible continued coordination of NCAs' work on closet indexing. A CSA on costs and fees will be launched in 2021 with the aim of increasing convergence in the supervision of costs in UCITS and AIFs, including securities lending fees and costs.
- In 2020/21, a thematic focus on the authorisation and supervision of ESG funds and further work on draft RTS on ESG disclosures in PRIIP KIDs.
- Follow-up to the previous peer review on the guidelines on ETFs and other UCITS issues.
- Updated guidelines on money market fund stress testing.
- Use of the fund stress simulation framework to assess the resilience of the industry and identify potential vulnerabilities in funds.
- In 2022, a discretionary peer review on the depositary obligations under the UCITS Directive and AIFMD, focusing on the oversight and safekeeping functions of depositaries.
- Co-operation with the EBA on the development of Level 2 rules for the new prudential framework for investment firms.
- Work on MiFID II/MiFIR topics, including follow-up on the previous peer review on certain aspects of the compliance function under MiFID I, costs and charges, product governance, assessing any need to exercise product intervention powers and, in 2020/21, a CSA on suitability (including the element of cost).
- Possible additional Level 2 and 3 work arising from the Commission's reviews of AIFMD, the UCITS Directive and the PRIIP KID Regulation.
- In the context of the Regulation on facilitating cross-border distribution of funds: Level 2 rules, relevant IT tools (including central databases), guidelines on the application of the requirements for marketing communications, and a first report on marketing requirements and marketing communications.
- In 2021, a peer review on NCAs' handling of applications to relocate business from the UK to the EU in the context of Brexit.
- Work required by MiFIR/MiFID II, as modified by the Investment Firm Regulation, on the changes to the third-country regime for the provision of investment services by third-country firms; additional co-operation agreements; issues arising from the monitoring of third country firms' activities; exercise of powers in relation to registered third-country firms; and support on equivalence assessments.