Posts by: Amy Roper

EBA Publishes Discussion Paper on Approach to Fintech

 

On August 4, 2017, the European Banking Authority (“EBA“) published its discussion paper (EBA/DP/2017/02) on its approach to fintech.

During the spring of this year, the EBA undertook a fintech mapping exercise in order to gain a better insight into the financial services offered and financial innovations applied by fintech firms in the EU, and their regulatory treatment. Competent authorities in 22 member states and two EEA states provided estimates on the current number and expected growth of fintech firms established in their respective jurisdictions. They also provided information on certain of the fintech firms, detailing information on the main financial innovations applied, main financial services provided, regulatory status and target end-users.

The EBA considers that there is merit in it undertaking follow-up work in several areas, as a result of the mapping exercise, work completed by other intergovernmental and EU bodies relating to fintech and previous work that the EBA has done on specific innovations. These areas relate to:

  • Authorization and sandboxing regimes.
  • The impact on the prudential risks for credit institutions and electronic money institutions.
  • The impact of fintech on the business models of the above institutions.
  • Consumer protection and retail conduct of business issues.
  • The impact of fintech on the resolution of financial firms.
  • The impact of fintech on anti-money laundering and countering the financing of terrorism.

In relation to the above areas, the discussion paper points out the issues, summarizes the EBA’s work to date to address them, identifies possible gaps and outlines the additional work that the EBA may wish to pursue. The objective of the discussion paper is to seek the opinions of external stakeholders on the EBA’s assessment and on the comprehensiveness and viability of the possible future work in the areas identified.

Comments can be made until November 6, 2017 and there will be a public hearing on October 4, 2017. The EBA will then assess the responses with the aim of deciding the further steps to be taken during 2018.

EBA Consults on Fraud Reporting Requirements under PSD2

 

On August 2, 2017, the EBA published a consultation paper (EBA/CP/2017/13) on its draft guidelines on reporting requirements on statistical data on fraud under Article 96(6) of the Directive on payment services in the internal market ((EU) 2015/2366) (PSD2).

One of the goals of PSD2 is to increase the security of retail payments in the EU. The aim of the EBA’s proposed guidelines, which have been developed together with the European Central Bank (ECB), is to ensure that the high-level fraud reporting requirements under PSD2 are implemented consistently among member states, and that the aggregated data provided by competent authorities to the EBA and the ECB is reliable and comparable.

The guidelines propose requirements applicable to all payment service providers (PSPs), but excluding account information service providers, and also set out requirements that are applicable to all competent authorities in the EU. The meaning of “fraudulent payment transactions” is also defined for the purpose of the data reporting under the guidelines. Periodic reporting requirements on payment transactions and fraudulent payment transactions are also included in the guidelines, together with the methodology for collating ad reporting data.

The consultation closes on October 31, 2017, after which the final guidelines will be published. A public hearing on the guidelines is being held by the EBA on October 5, 2017.

EBA Reports on Funding Plans and Asset Encrumbance

 

On July 31, 2017, the EBA published the following reports on EU banks’ funding plans and asset encumbrance:

  • Funding plans. The report assesses the feasibility of EU banks’ funding plans submitted to the EBA. It was drafted in response to the European Systemic Risk Board’s (ESRB) recommendations on the funding of credit institutions. The funding plans reported in accordance with the EBA guidelines published in July 2014 on harmonized definitions and templates for funding plans of credit institutions, form the basis of the analysis. Data was collected from a sample of the largest banks in each member state, including Barclays plc, HSBC and Lloyds. Report.

Asset encumbrance. The EBA monitors asset encumbrance in order to assess whether changes have broader implications for access to unsecured instruments. The report mainly uses data from 2016, which highlights a small increase in the level of asset encumbrance across the EU compared with the figures for 2015 and 2014. The report also demonstrates a wide dispersion of asset encumbrance across countries and institutions. This report is the EBA’s third report which analyses asset encumbrance in EU banks, having published the previous report in June 2016. Report.

EBA Launches Supplementary Data Collection on Revision of Investment Firm Prudential Framework

 

On July 6, 2017, the European Banking Authority (“EBA“) published a press release announcing the launch of a supplementary data collection relating to its proposals for a revised prudential framework for investment firms. It also published a template for investment firms authorized under the Markets in Financial Instruments Directive (2004/39/EC) (MiFID) with instructions.

This exercise follows up on the first data collection launched on July 15, 2016, and the discussion paper published by the EBA on November 4, 2016, in which the EBA consulted on its proposals for developing a new prudential framework.

The EBA notes that, following feedback to the discussion paper, it has improved its initiation proposals concerning primarily the calculation of capital requirements based on risk proxies (known as “K-factors“) under the following three types of risk: (i) risk to customers (RtC), risk to market (RtM) and risk to firm (RtF). It has decided to undertake a supplementary data collection to allow for a complete calibration of all the relevant aspects of the new prudential regime and a final impact assessment of its proposal on regulatory capital requirements. The data collection has been designed to reduce that burden by limiting the number of variables requested to the minimum necessary to accomplish the intended purpose.

The deadline for firms to submit completed templates to the relevant national competent authorities is August 3, 2017.

European Commission Adopts Implementing Regulation on Its Own Supervisory Reporting to Reflect IFRS 9 Changes to FINREP

 

On July 5, 2017, the European Banking Authority (“EBA“) published a press release announcing that the European Commission (EC) adopted an Implementing Regulation on June 29, 2017, which amends the Implementing Regulation on supervisory reporting of institutions (Regulation 680/2014) under the Capital Requirements Regulation (Regulation 575/2013) (CRR). The text of the Implementing Regulation and its Annexes has been published by the Commission.

The changes relate to the provisions in Regulation 680/2014, which concern financial reporting (“FINREP“) and are intended to align these provisions with International Financial Reporting Standard 9 (IFRS 9). Regulation 680/2014 includes FINREP requirements that are founded on international accounting standards and must be updated in line with any updates made to the relevant accounting standards.

It is now time for the Implementing Regulation to be published in the Official Journal of the EU (OJ). It will apply from March 1, 2018.

European Commission Guidelines on Application of PRIIPS Regulation

 

On July 4, 2017, the European Commission adopted a communication containing guidelines on the application of the Regulation on key information documents (“KIDs“) for packaged retail and insurance-based products (“PRIIPS“) (Regulation 1286/2014) (PRIIPS Regulation).

The PRIIPS Regulation lays down rules on the content and format of the KID to be drawn up by PRIIP manufacturers and on the provision of the KID to retail investors and those selling or advising on the products. By smoothing out potential interpretative divergences throughout the EU, the guidelines hope to help providers and distributors of investment products, funds and investment insurance policies design their KIDS. Along with several others, the guidelines address the following issues:

  1. products covered by the PRIIPS Regulation;
  2. products made available to retail investors against no consideration;
  3. multi-option PRIIPS;
  4. insurance-based investment products with PRIIPS and non-PRIIPS as underlying investment options;
  5. territorial application;
  6. use of KIDs by UCITS;
  7. PRIIPS only sold by intermediaries;
  8. distribution of a PRIIP without a KID; and
  9. a non-PRIIP product offered alongside a PRIIP.

The communication was published in the Official Journal of the EU (OJ) on July 7, 2017, as 2017/C 218/02. Firms must comply with the Regulation from January 1, 2018.

Econ Draft Report on Proposed Regulation Amending CRR as Regards Transitional Period for Mitigating Impact on Own Funds of Introduction of IFRS 9

 

On June 8, 2017, the European Parliament’s Committee on Economic and Monetary Affairs (“ECON“) published its draft report on the proposed Regulation amending the Capital Requirements Regulation (Regulation 575/2013) (“CRR“) regarding the transitional period for mitigating the impact on own funds of the introduction of International Financial Reporting Standard 9 (“IFRS 9“) and the large exposures treatment of certain public sector exposures denominated in non-domestic currencies of member states.

The European Commission’s November 2016 legislative proposal for a Regulation amending the CRR (“CRR II Regulation“) contained transitional provisions relating to IFRS 9 and the large exposures treatment of certain public sector exposures. The explanatory statement to the draft report explains that the Presidency of the Council of the EU proposed that these provisions should be split from the proposed CRR II Regulation and dealt with in a separate draft Regulation “to allow for a timely entering into force of these transitional provisions.” The European Parliament’s Conference of Presidents approved the proposed split in May 2017. On June 1, 2017, the Council of the EU published the final Presidency compromise proposal relating to the split-out Regulation.

The draft report contains a European Parliament legislative resolution on the Regulation, the text of which sets out suggested amendments to the proposed CRR II Regulation that reflect the splitting out of the transitional provisions into a separate Regulation. The amendments delete provisions in the CRR II Regulation that do not relate to the transitional provisions. The report states that the deleted parts will be covered in a separate ECON report. It also contains an explanatory statement by the rapporteur, Peter Simon.

European Commission Mid-Term Review of CMU Action Plan: Financial Services Aspects

 

On June 8, 2017, the European Commission published a communication on the mid-term review of the capital markets union (“CMU“) action plan (COM(2017) 292). This follows the action plan published by the Commission in September 2015, which set out its proposed initiatives relating to the establishment of the CMU, and the consultation paper published by the Commission in January 2017, which sought targeted input on revisions to the CMU action plan that would feed in to its mid-term review of the action plan.

The purpose of the mid-term review is to set out an additional set of actions that complement the initiatives laid down in the action plan that have not yet been completed. It consists of:

  • Initiatives that follow on from completed work announced in the action plan:
    • The Commission has confirmed that it intends to proceed with legislative proposals on (i) the Pan-European Personal Pension Product (PEPP); (ii) conflict of laws rules for third-party effects of transaction and securities and claims; and (iii) an EU framework for covered bonds.
    • The Commission also intends to proceed with further work on initiatives relating to commitments announced in the action plan, including (i) amendments to the Solvency II Delegated Regulation ((EU) 2015/35); (ii) recommendations on private placements; (iii) communication on a roadmap for removing barriers to post-trade market infrastructure; and (iv) communication on corporate bond markets.
  • New priority initiatives intended to strengthen the CMU action plan:
    • The initiatives relate to issues including (i) the functioning of the European Supervisory Authorities (ESAs); (ii) prudential treatment of investment firms; (iii) Fin Tech; (iv) non-performing loans (NPLs); and (v) cross-border investment funds.

The Annex to the mid-term review contains a consolidated list of the CMU initiatives and the proposed timings for those initiatives.

European Commission Adopts Delegated Regulation Amending Solvency II Delegated Regulation On Infrastructure Corporates

 

On June 8, 2017, the European Commission adopted a Delegated Regulation amending the Solvency II Delegated Regulation ((EU) 2015/35) concerning the calculation of regulatory capital requirements for certain categories of assets held by insurance and reinsurance undertakings (infrastructure corporates) (C(2017)3673 final). An impact assessment and executive summary were published alongside the Delegated Regulation.

The Solvency II Delegated Regulation was amended, with effect from April 2016, to provide for appropriate risk calibrations for qualifying infrastructure projects, but not infrastructure corporates. EIOPA submitted a report to the Commission in June 2016, which set out technical advice on infrastructure corporates and recommended several changes to the previous treatment of infrastructure projects. This included amendments to the definition and qualifying criteria for infrastructure projects to avoid inadvertent exclusion of investments in those projects with a better risk profile.

The amendments to the Delegated Regulation will reduce the capital charges attached to investments by insurance companies in infrastructure companies. The aim is to remove regulatory barriers to investment opportunities in infrastructure that fulfill a number of criteria and are considered to have a better risk profile. The amending Delegated Regulation forms part of the Commission’s wider efforts on capital markets unions (CMUs) to support insurers in their role as long-term investors in the EU economy.

It is now for the Council of the EU and the European Parliament to consider the amending Delegated Regulation. Should neither the Council nor the Parliament object to the amending Delegated Regulation, it will be published in the Official Journal of the EU (OJ). It will enter into force on the date following its publication in the OJ and will apply from that date.

New FCA Web Page on Cyber Resilience

 

On May 18, 2017, the FCA published a new Web page on cyber resilience.

The FCA notes that cyber risks pose a threat to all financial services firms. Firms should be aware of the threat, able to defend themselves effectively, and respond proportionately to cyber events.

The FCA’s goal is to help firms become more resilient to cyberattacks while ensuring that consumers are protected and market integrity is upheld. To achieve this, firms of all sizes should:

  • Develop a “security culture” from the board down to every employee.
  • Be able to identify, prioritize and protect their information assets (that is, hardware, software and people).
  • Detect breaches.
  • Respond to and recover from incidents.
  • Constantly evolve to meet new threats.

Under Principle 11 of the FCA’s Principles for Businesses, firms must report material cyber incidents. A firm may consider an incident to be material if it:

  • Results in significant loss of data or the availability or control of the firm’s IT systems.
  • Impacts a large number of victims.
  • Results in unauthorized access to, or malicious software present on, the firm’s information and communication systems.

These requirements will be updated in line with any future regulations.

Where a firm considers an incident to be material for Principle 11 purposes, it should report this to the FCA and other relevant authorities, including the PRA if the firm is dual-regulated, and to the Information Commissioner’s Office (ICO) if the incident is a data breach.

The FCA states that cybersecurity is a shared responsibility. It takes a cooperative approach to address the threat, working with government and other regulators, nationally and internationally. The Web page contains a link to the National Cyber Security Centre (NCSC) website, together with links to relevant FCA publications.