Search This Blog

Wednesday, 27 September 2017

FCA to Regulate All Employees Of Financial Firms

The Financial Conduct Authority is consulting on the extension of its "Senior Managers and Certification Regime" (SM&CR) to all firms that are regulated by the FCA under the Financial Services and Markets Act 2000 (which excludes e-money/payment institutions, for example, unless they have dual authorisations).

This will replace the "Approved Persons" regime and extend some requirements to all employees

Consultation ends on 3 November, and the extension is likely to take effect from early in 2018. 

This means you should study the proposals and begin to plan how to comply, particularly as HR staff/advisers will also need to be involved.


Wednesday, 20 September 2017

Consultation: Contract Guidance for Data Controllers/Processors Under #GDPR

The Information Commissioner has published draft guidance for data controllers and processors on their contracts and liabilities under the General Data Protection Regulation, for comment by 10 October 2017. GDPR takes effect in the UK from 25 May 2018, but a lot of preparation is required, including reviewing and updating contracts for personal data processing.

The guidance is intended to explain what data controllers must include in contracts; and what responsibilities and liabilities data processors have under the GDPR.

As a sign of the complexity and uncertainty in this area, the ICO adds that its guidance "will need to continue to evolve to take account of any guidelines issued in future by relevant European authorities... as well as our developing experience of applying the law in practice"...


Tuesday, 19 September 2017

FCA Publishes Final Approach and Rules Implementing #PSD2

The FCA has today published its final policy statement on how it will supervise the Payment Services Regulations 2017 (implementing the second Payment Services Directive, or PSD2).

I haven't digested it fully yet, but following earlier consultations, the FCA explains that it has amended its approach in various respects, particularly, its perimeter guidance on the new account information services and payment initiation services, complaints handling and reporting and conduct of business requirements. There is a table summarising the updates on page 6 of the policy statement.

I may post on any significant changes separately.

Further updates will be required when certain regulatory/implementing technical standards (RTS/ITS) and EBA Guidelines are finalised in late 2017 and early 2018, including EBA Guidelines on operational and security risk, and fraud reporting.

In the meantime, various draft application forms for authorisation and reporting have been published, with the final versions to be available for applications from 13 October 2017.  As explained in my earlier post, the FCA recommends waiting until then, even if you are making an application under the current regulations - otherwise it will need to be updated or re-assessed.


Tuesday, 12 September 2017

FCA Weighs In On #InitialCoinOfferings

The Financial Conduct Authority has just published its thoughts on "initial coin offerings" (ICOs), the issue of cryptographic tokens or 'currency'. There is already a wide variety of purposes for ICOs, making them much harder to classify than your typical stock market "initial public offering" (or IPOs) with which some people seem to be equating them.  The FCA has also provided links to guidance from: 
Many additional risks also arise from the fact that the nature of the 'coins' or cryptographic currency and whether there is a market for those - quite apart from the purpose for which funds are being raised and/or invested in - as well as the distributed ledger in which they and related transactions are based. We are a long way from the usual stakeholders (like regulators) understanding and engaging with the new technology, let alone standardising any kind of process for doing ICOs as 'efficiently' as IPOs or even traditional technology projects (hopefully more so!).

I have no reason to think ICOs won't necessarily become fairly commonplace in due course, but it's appropriate for the regulators to be treading cautiously at present - although they should be supportive of genuine attempts to innovate in this area and engage positively with issuers while warning investors of the risks.

Here's a helpful ICO 'tracker' from CoinDesk.

 


Monday, 11 September 2017

Top Tip: Make Any UK Applications Under #PSD2 From 13 October 2017

The FCA has published several web pages explaining the new authorisation/registration process under the Payment Services Regulations 2017 ("PSRs 2017") and similar process in the existing Electronic Money Regulations 2011 ("EMRs") that are updated by the new PSRs 2017. Basically, firms are "strongly encouraged" by the FCA to make their applications on or after 13 October 2017.

For payment institutions:
"You will be able to submit applications under PSD2 from 13 October 2017, giving you the opportunity to become registered or authorised under the PSRs 2017 from 13 January 2018.
Rather than applying under the PSRs 2009, you are therefore strongly encouraged to make your application under the PSRs 2017, on or after 13 October 2017.
If you decide to apply under the PSRs 2009 and we have not determined your application by 13 January 2018, we will treat your application as being made under the PSRs 2017. This means you will be required to provide more information to us, as required under the new regime [which would likely slow the process down]. If we have determined your application under the PSRs 2009 by 13 January 2018, you will need to submit an application to re-register or become re-authorised under PSD2 and the PSRs 2017, and pay an additional application fee.
Businesses applying for re-authorisation under PSD2 will need to submit a complete application by 13 April 2018 in order to continue operating on or after 13 July 2018.
Businesses applying for re-registration will need to submit a complete application by 13 October 2018 in order to continue operating on or after 13 January 2019."
For e-money institutions:
"You will be able to submit applications under PSD2 and the amended EMRs, from 13 October 2017, giving you the opportunity to be registered or authorised under the new regime from 13 January 2018.
Rather than applying under the current EMRs, you are therefore strongly encouraged to make your application under PSD2 and the amended EMRs, on or after 13 October 2017.
If you decide to apply under the current EMRs and we have not determined your application by 13 January 2018, we will treat your application as being made under the amended EMRs. This means you will be required to provide more information to us, as required under the new regime [which would likely slow the process down]. If we have determined your application under the current EMRs by 13 January 2018, you will need to submit an application to re-register or become re-authorised under PSD2 and the amended EMRs, and pay an additional application fee.
Businesses applying for re-authorisation or re-registration under PSD2 will need to provide all the information we need with an application by 13 April 2018 in order to continue operating on or after 13 July 2018."