The FCA's New 'Consumer Duty'

The UK's Financial Conduct Authority is consulting on the introduction of a new "consumer duty" that will apply to regulated firms in relation to their regulated activities by 31 July 2022. This follows the report on a previous consultation in April 2019. The FCA is holding a webinar on the proposals on 10 June 2021; and comments will be open until 31 July 2021. The rules would be consulted on by 31 December 2021. Please let me know if I can help.

Broadly, this would require firms to act in ways that enable retail customers to obtain the outcomes they should be able to expect from the firm's products and services, rather than to hinder customers obtaining those outcomes. This effectively puts firms (and, significantly, the FCA) in the customers' shoes. 

This may require some firms to radically alter their culture and behaviour to focus on consumer outcomes, and putting customers in a position to act and make decisions in their own interests. 

There will be three elements to the new duty:

• A new consumer principle: "a firm must act in the best interests of retail clients" or "a firm must act to deliver good outcomes for retail clients". 
• Broad rules that would require firms to take all reasonable steps to avoid foreseeable harm to customers and enable customers to pursue their financial objectives; to act in good faith. 
• More detailed rules and guidance on firms' conduct relating to four specific outcomes: communications; products and services; customer service; and price and value. 

The FCA is also consulting on the potential benefits of attaching a private right of action to the new duty, and what any unintended consequences of this might be. 

Critics of the FCA's approach to consumer outcomes in the wake of various 'scandals' over the years will be hopeful that this new duty will see the FCA aligned with consumers, rather than tending to protect its own reputation, the 'financial services industry' and the firms its regulates.

Low Take-Up Of UK Temporary Permissions Regime By EEA Firms With UK Passports?

According to the FCA's figures in August 2016, the end of financial services passporting between the EEA and the UK was going to leave 5,476 UK finance firms potentially needing a new passporting 'hub' in one of the remaining 27 EU countries and 8,008 EEA firms potentially needing a UK base to cover their UK offerings. So, how many have acted?

There has definitely been a scramble by UK firms to set up in the EU27, although the figures are spread across multiple registers, and regulators do not disclose the numbers of applications that are still in progress. The Central Bank of Ireland claimed "well over 100" in September 2019, for example, with similar numbers thrown out by others. 

Not all firms might use their passports, of course. It's quite straightforward to take advantage of the passporting regime - a simple notification to your home state regulator, which then notifies the various host state regulators. And there's no obligation to actually use a passport. Many firms will have ticked the box for all EEA countries to avoid inadvertently committing an offence wherever their customers happened to reside. And the picture is perhaps distorted by non-EEA corporations who were using the UK as their passport hub, so their new Irish subsidiary would not count as an application by a UK parent.

There has been less pressure on EEA firms who operate under passports in the UK because the FCA offered a Temporary Permissions Regime (TPR) that allows them to continue trading for 3 years as if they were passporting. The registration deadline has been extended each time Brexit has been delayed, so the current deadline is 30 January 2020. However, it's likely that most, if not all, EEA firms that were intending to use the TPR option will have already registered, although some newly authorised firms could still squeeze in (e.g. new FinTech firms).

At any rate, the Financial Conduct Authority has responded to a Freedom of Information Act request with the news that 1,441 EEA-based firms had applied for the TPR by October 2019. Of those, 228 are based in Ireland, 170 in France, 165 in Cyprus and 149 in Germany. 

If this is to be considered a high take-up of the TPR option, then it would appear that only about 18% of EEA passports into the UK were actually being used. That's perhaps not unreasonable, given the tick-box approach to passporting to avoid inadvertently committing an offence in the UK in the event that they ended up with UK customers.

In any event, these 1,441 firms now have until 30 January 2023 to decide whether to set up offices in the UK and get authorised locally, to the extent they continue to serve the UK market.

Any Form Of Brexit Means #NoDeal For Export Of British Services

An excellent event at the Institute of Directors today on the impact of Brexit on Britain's trade in services - congratulations to all the speakers. This is vital to understand and address in some detail, because services amount to 80% of the UK economy, 80% of UK jobs, a third of UK exports of which 40% go to other EU countries based on the principle of free movement of services. Yet most services are not covered by free trade deals with third countries. So even if Britain were to leave the EU and eventually negotiate trade deals, that wouldn't help UK exporters of services. There will always be "No Deal" for most services, so the UK's "No Deal" warnings are permanent for services. This is why Liz Truss is suddenly making "liberalising trade in digital and services" one of three priorities at the WTO. She's too late, and it will never happen for the reasons given below, so it's time to get cracking on mitigation...

While the problem for services post-Brexit isn't news to me, I'm still absolutely stunned to see so little information about it in the media. Partly it's the age-old assumption that 'business' means 'big business' while nearly all UK businesses are small - 99% of UK businesses (5.7m) employ fewer than 250 people. Only 8,000 UK businesses employ more than 250 people.  

5.4m UK businesses are 'micro-enterprises' who are either sole traders or employ up to 9 people.

'Businesses' are people - many of them sole traders selling their time and expertise across the EU. Eve online, business is personal.

I've posted on the impact of Brexit on services many times, here and on Pragmatist and for several law firms. I've tended to focus on the Brexit impact on financial services because that's my main area of expertise - and they are the largest of the UK's services exports, relying on valuable EU passporting rights which they will lose. As a result, 7000 jobs have moved so far, with more to follow if Brexit proceeds, and the costs of splitting capital/liquidity to support separate EU subsidiaries will cost customers €60bn a year by 2030.

But I've also mentioned the need for a new basis for transferring personal data from the EU27 to the UK, and I've even shared my own personal Brexit-proofing journey in adding Irish qualifications and consulting to an Irish law firm, for the same reason that it makes sense to switch EU contracts from English law to Irish law.

So I was thrilled to learn of today's event and I was not disappointed. I'm sharing my notes (anonymised) and I understand the video will be available via the IoD site. Worth watching! 

What laws govern the export of services?

Every country regulates what services can be offered to its residents to some degree. Regulations get tougher the more money residents might lose, or the greater the gap in knowledge between the service provider and the customer - that's why financial services are so heavily regulated.

Permitting foreign service providers to sell their goods or services in your country is a matter of trust and control, or political will and legislation ("trust is good but control is better").

Trade law on goods developed first, and rules on services followed - in particular:

1. EU membership entitles firms to free movement of services based on mutual recognition of professional/trade qualifications and legislation that ensures individual member states don't drop their standards or supervision. That freedom falls away on Brexit day (subject to any agreed transition).
2. Some services remain unregulated today (e.g. management consultants) and some are given mutual recognition status only at trade body level rather than by governments (e.g. architects). That shouldn't change on Brexit.
3. Some regulation is based on outcomes, rather than dictating how qualifications are actually obtained or what subjects have to be studied to gain 'equivalence' or 'mutual recognition' (e.g. lawyers). This could diverge on Brexit, and 'equivalence' findings and mutual recognition will not automatically apply, can take a long time to be granted and are subject to withdrawal on little notice without appeal.
4. Financial services passporting represents the most advanced form of free movement in services, since authorisation in one EU member state allows certain services to be provided in all member states. That will not be possible after Brexit (subject to any transition).
5. In stark contrast to financial services passporting, the 'equivalence' regime that is available to third countries (and post-Brexit UK) is only available for certain types of financial infrastructure (e.g. exchanges) and some investment services, and can be withdrawn without appeal on 30 days notice (e.g. Swiss stock exchange) - so equivalence is not reliable.
6. Other services that can be supplied to EU countries after Brexit will be based on a patchwork of national access rights, which vary in terms of scope and conditions.
7. Outside the scope of EU trade rules (and where only minimum standards are set), the member states (like any other country in the world) can set tougher standards where they see greater potential adverse impact. The UK will be treated like any other non-EU country for that purpose. The UK government has tried to helpfully list where different EU countries have different rules for different services (will that stay up to date?). 
8. There is a WTO rule (article 7 of GATS) aimed at preventing one member country from discriminating against another member ('most favoured nations' or 'MFN').  Free trade agreements also contain MFN clauses that require one party to offer the other any similar benefit that has been offered to another country. The EU seems to ignore the WTO requirement (which the Swiss have complained about to no effect so far), but does allow MFN clauses in its free trade deals with very limited scope (won't cover mutual recognition or equivalence decisions, for example, just legislation and 'national treatment'). Critically, the EU insists on its own regulatory autonomy. Only the  European Commission (and ultimately the European Court of Justice) can decide whether a service etc meets EU rules. 

Immigration and visa restrictions go hand-in-hand with constraints on services, since people often have to be physically present to provide services.  So free movement of labour is also critical to the free movement of services. That freedom entitles Brits to live, work and retire freely in 30 countries, but is lost on Brexit. Related entitlements to healthcare and so on will also fall away...

What are the practical impacts of Brexit?

Well, if you're among the 5.4m 'micro-enterprises' and export goods or services to the EU, the VAT rules will be a big problem. You currently benefit from hard-fought exceptions under the VAT Mini One Stop Shop (MOSS), but those will disappear on Brexit day (what if part way through contracts?). The HMRC warning states:

Businesses that want to continue to use the MOSS system will need to register for the VAT MOSS non-Union scheme in an EU member state. This can only be done after the date the UK leaves the EU. The non-Union MOSS scheme requires businesses to register by the 10th day of the month following a sale. Alternatively, a business can register in each EU member state where sales are made.

EU consumers are already ceasing to buy from UK suppliers, and EU suppliers are geo-blocking UK customers and suppliers from applying to their sites. So forget bidding for service contracts from the UK, and many EU business people have stopped traveling to do business in the UK.

Work permits will be needed after Brexit, but can’t be applied for before then. These may be needed for speaking at conferences (unless asked a question first), giving training sessions, working on projects and so on.

Booze cruise etc to the EU for cheaper, duty free consumer goods may impact small retailers and their service providers.

If you're a director of a company, you have a duty to promote the success of the company, as well as a duty to exercise reasonable care, skill and diligence. You need to be able to demonstrate that in the context of Brexit - which is a known unknown. That would likely include: board discussions, a sub-committee, minutes, briefing papers, presentations, risk registers, scenario planning, supply chain analysis to identify suppliers at risk who may need to be replaced/helped (using the wrong type of pallet, say, or their trucks may be allowed into the UK by UK authorities, but will struggle to back into EU); and resolutions taking action to address threats and opportunities.

What can you do if your services are impacted? It depends on threats and opportunities identified, but some examples:

• Set up a new subsidiary in an EU27 member state;
• Rewrite contracts with new governing law and other pertinent changes;
• Establish a new basis for transferring personal data from EU customers/suppliers to the UK;
• Consider the tax impact of moving business activity to an EU27 country (or, for instance, whether withholding tax exemptions still work for entities owned by UK companies)

Time to get cracking!

Preparing for the FCA's Senior Managers & Certification Regime (SM&CR)

The FCA has published its finalised guidance on statements of responsibilities (SoRs) and responsibilities maps for FCA firms under the senior managers and certification regime (SM&CR), which will be extended to all FCA authorised firms on 9 December 2019.

Under the extension of SM&CR, all senior managers of FCA-regulated firms are required to have an SoR setting out their responsibilities and certain firms must have a responsibilities map showing how their firm is managed and governed.

The guidance explains the purpose of the SoRs and responsibilities maps, questions for firms to ask themselves, and examples of good and poor practices. 

Firms will also likely need some additional clauses in their employment/directors’ services contracts for senior managers. 

Time To Get Excited About... The SM&CR!

The FCA has produced a webpage to explain the extension of the "Senior Managers and Certification Regime" (SM&CR) from banks etc. to all FCA-regulated firms from 9 December 2019. 

The SM&CR replaces the "Approved Persons Regime" because it's a bit embarrassing that no senior managers went to jail for their part in the financial crisis and the FCA needed to show that was just because they needed new powers  it lacked 'teeth'.

There's even a video 'explaining it' in full corporate jargon for those who want to sound really important when talking about SM&CR but not actually say anything meaningful about it. 

You can work out the type of firm yours is and how SM&CR will affect you using a marvellous "firm checker" decision tree; or a snappy 76 page guide. 

The FCA believes the impact this regime will have is "profound"...

Is Your Financial Services Provider Ready For A #NoDeal Brexit?

With a 'No Deal' Brexit now central to Tory government strategy, it's critical to ensure the right financial contingency plans are in place for a 'cliff edge' exit with no transition period from 29 March 2019. Unfortunately, however, the European Banking Authority says it is seeing "little evidence of financial institutions communicating effectively to their customers on how they may be affected by the UK withdrawal" and those institutions' Brexit arrangements. So customers have to question their providers about those arrangements. Here's a quick guide to steps those institutions might take, depending on whether they are based in the UK or elsewhere in the EEA... if you do not receive credible, satisfactory commitments to service continuity from existing providers within the next few weeks, you should set-up alternative and/or back-up relationships as soon as possible.

EEA-based firms supplying services into the UK

These firms will have a short window ahead of Brexit day in which to seek temporary regulated status:

• temporary permission to continue operating in the UK for a limited period after Brexit if they currently passport into the UK under the Financial Services and Markets Act 2000 (FSMA) or the e-money or payment services regimes;
• temporary recognition if they are third country central counterparties; or
• temporary registration if they are EU-registered trade repositories. 

If EEA-based firms carry out operations in the UK after Brexit in reliance on EU legislation without entering into these temporary regimes, they may be carrying on regulated activities in the UK without appropriate permissions, which would be a criminal activity and/or mean they cannot meet their contractual obligations.

EEA firms that do not gain full authorisation through the temporary regimes can only continue to carry out new business to the extent necessary to 'run-off' pre-existing contractual obligations in the UK for five years (15 years for firms performing obligations under insurance contracts). They cannot undertake new business or agree new contracts with UK customers. A "supervised run-off" arrangement applies to those firms with a UK branch, firms who enter a temporaty regime but exit it without UK authorisation and firms that hold top-up permissions before Brexit. A "contractual run-off" regime will apply to firms without a UK branch that do not enter a temporary regime or do not hold a top-up permission; and will apply for the purposes of winding down UK regulated activities in an orderly manner.   Firms with a UK establishment will retain their existing membership of the Financial Services Compensation Scheme. 

A run-off regime for payments firms and e-money firms that do not enter the temporary regime or leave it without full UK authorisation will apply for five years, either on a supervised or contractual basis (though the FCA can require supervised run-off for firms to demonstrate they are safeguarding client funds). 

A run-off regime will apply for non-UK Central Counterparties that are eligible for, but do not enter, the temporary recognition regime, for a period of one year starting on exit day. If a non-UK CCP entered the temporary recognition regime but exits it without the necessary permanent recognition, the Bank of England will determine a non-extendable period for recognition up to a year. 

There will also be a run-off regime for trade repositories that are removed from the temporary registration regime without the necessary permissions to continue to provide services to UK firms, for a non-extendable period of one year, unless the FCA sets a shorter period. 

UK firms dealing with EEA residents

The FCA has suggested that UK financial services providers consider the following questions ahead of Brexit. If the answer is 'Yes' to any of them, then the service provider should understand the legal basis for that scenario and whether another basis is necessary after Brexit - including additional regulatory permissions or a new subsidiary with the right authorisation or agency and necessary permissions in a remaining EEA member state. 

• Do you currently provide any regulated products or services to customers resident in the EEA? For example, you might provide financial advice to EEA based customers. Or you might have insurance contracts either with EEA based customers or which cover risks located in the EEA which require regulatory permission in that country in order to be serviced. 
• Do you have customers or counterparties based in the EEA, including UK expatriates now based in an EEA country? 
• Are you marketing financial products in the EEA? This includes products marketed on a website aimed at consumers in the EEA. 
• Do you have agents in the EEA or interact with any intermediary service providers in the EEA? For example, you may use an insurance intermediary to distribute products into the EEA. 
• Does your firm transfer personal data between the UK and the EEA or vice versa? 
• Does your firm have membership of any market infrastructure (trading venues, clearing house, settlement facility) based in the EEA? 
• Are you part of a wider corporate group based in the EEA, or does your firm receive any funding from an entity in the EEA? 
• Do you outsource or delegate to an EEA firm or does an EEA firm outsource or delegate to you? 
• Are you party to legal contracts which refer to EU law? 

There will now be insufficient time for any provider to get a new authorisation in another EEA member state, and even setting up an agency relationship would be very tough to do within the next few months.

Firms should be informing clients about issues such as:

• the implications of Brexit on the specific services they provide and the implications for the relationship between the client and the firm;
• the actions taken by the firm to prevent or detect problems, including how they will deal with client inquiries, changes in competent authorities or protection under national compensation schemes;
• the implications of any corporate restructuring, including changes to contractual terms or contract transfers;
• other impact on contractual and/or statutory rights, including the right to terminate existing contracts and cancel new contracts, and any rights of recourse and how to pursue them. 

If you do not receive credible, satisfactory assurances of service continuity post-Brexit from existing providers within the next few weeks, you should set-up alternative and/or back-up relationships as soon as possible.

Use It Or Lose It: The UK Temporary Permission (Passport) Regime

The UK's Financial Conduct Authority has told firms based elsewhere in the European Economic Area who rely on a 'passport' to offer their financial services in the UK to notify the FCA if they intend to use the UK "temporary permissions regime" (TPR). The Prudential Regulatory Authority has issued a similar direction to the banks and other firms it regulates.

Notifications to the FCA must be made by submitting the Temporary Permission Notification Form containing the necessary information via the FCA's "Connect" system between 7 January and 28 March 2019.

Firms that have not submitted a notification during that period will not be able to use the TPR.

The FCA told Parliament in 2016 that there are 8,008 EEA firms holding 23,532 passports covering their UK financial services offerings. 

The Cost Of My Professional #Brexit Preparations - £9,000 in Year 1

Few politicians will talk about the plight of the UK's trade in services after Brexit, presumably because they don't understand how it works, much less care. Yet services represent 80% of the UK economy, while UK firms and individuals exported £245 billion in services in 2016. But the UK had an overall trade deficit of -£67 billion with the EU in 2017, because a surplus of £28 billion on trade in services (exporting more than we imported) was outweighed by a deficit of £95 billion on trade in goods. The affected service providers will be hoping for this insane project to stop, but in the meantime we must prepare for the worst, whatever that might be...

Services affected by Brexit include, say, a British architect designing a building for a German client; the Manchester hotel catering for Italian tourists; or the Edinburgh accountants advising a French exporter.

Financial services and other business services (legal, accounting, advertising, research and development, architectural, engineering and other professional and technical services) made up 52% of UK service exports to the EU. And, of course, many businesses in those categories supply services to each other. 

So, the fact that financial licences won't work across the EU after Brexit, for example, means UK finance firms are moving their EU-facing operations into a remaining EU27 country and serving the rest of Europe from those offices.

Similarly, the fact that my UK legal qualifications won't be recognised in the EU means that I'll need to set up an additional presence somewhere in the EU27 (Ireland, in my case) just to keep advising my financial services clients on their EU-facing operations.

So, for me personally, the cost of doing business as usual after Brexit is at least £9,000 in fees the first year, and £6,000 each year after that, excluding any travel and accommodation. That's a big investment to make on the assumption that local lawyers elsewhere in the EU27 don't simply take my EU-related work away from me. But it's also money that will be spent in Euros in Ireland and not in the UK. Ireland is the winner here.

But this is not just a sob story about financial institutions and their professional advisers. The British woman, based in France, who drives skiers from Geneva airport to Morzine in her UK minibus on her UK bus licence won't be able to do that anymore, either.  Courier firms are also horrified, not just about vehicle or driver licensing issues and the higher costs and complexity involved in the movement of goods, but also because they employ EU staff with language skills and other key knowledge who may simply want to leave. 

What hoteliers make of all this is anyone's guess, it seems, but PWC suggests the biggest problem will be the ability to recruit and retain staff with the right language skills and experience. Based on the impact on financial and other business services, perhaps the movement of EU-facing operations into the EU may also mean less need for UK management and staff to travel to EU offices.

Of course, a market should develop around the need for advice on how to prepare for the worst. But for that to happen, we need to be much clearer on the impact of Brexit on services in the first place.

Financial Authorities Need A Fresh Approach To Innovation

The application of the latest technology and business models to finance ("FinTech") is sparking a debate about the role of regulators and their approach to innovation. Senior officials advocate no change, citing various experiments and distinct innovation teams or projects of their own. But the financial system will fail to keep pace with the demands of the broader economy unless a culture of encouraging innovation is embedded throughout our regulators.

Financial innovation is hog-tied to the past. Regulators are conditioned to view innovation through the lens of current services and rules, rather than to consider it afresh. New services are sidelined into policy silos, where they are 'shoe-horned' into existing rules. Regulators seem reluctant to concede that new services reveal shortcomings in existing models and or that they should drive a change in regulatory approach. 

For example, Mark Carney, Governor of the Bank of England, has said that the Bank of England takes "consistent approaches to activities that give rise to the same risks, regardless of whether those are undertaken by "old regulated" or "new FinTech" firms."  This is because, he claims, "following a raft of post-crisis reforms, the Bank’s regulatory frameworks are now fit for purpose."  

Whose purpose?

Do banks adequately serve their customers?

Do they operate within the law? 

The UK's banks are a constant source of scandal, and frequently incur vast fines and compensation bills for misconduct.  New problems emerge constantly, and on a giant scale. Their role in Russian money laundering is perhaps the latest example. Many of the post-crisis reforms are also yet to take effect in the UK. The critical "ring-fencing" of retail and investment or 'casino' banking, for example, has been watered-down and won't take effect until 2019 - more than a decade after the financial crisis began - while Donald Trump is busy unwinding such reforms in the US. Whether such national initiatives will even be effective in a global system is still unclear.

Despite its name, "FinTech" represents not only the application of technology but also (usually) a customer-oriented commitment to either improve existing financial services or create alternatives that are aligned with customers' requirements. Yet the Bank of England approaches such innovation in the banking sector by asking:

• Which FinTech activities constitute traditional banking activities by another name and should be regulated as such? Systemic risks associated with credit intermediation including maturity transformation, leverage and liquidity mismatch should be regulated consistently regardless of the delivery mechanism.
• How could developments change the safety and soundness of existing regulated firms?  
• How could developments change potential macroeconomic and macrofinancial dynamics including disruptions to systemically important markets? 
• What could be the implications for the level of cyber and operational risks faced by regulated firms and the financial system as a whole?

This is not just a UK phenomenon. When it comes to assessing the application of technology to the financial system Sabine Lautenschlager, Vice-Chair of the Supervisory Board of the European Central Bank, also advocates "same business, same risks, same rules." 

Sabine says that "customers want to extend their digital life to banking; they want banking services anytime and anywhere." Yet she points to three "potential futures" for 'banking', none of which acknowledges the benefits of innovation. The only 'benign' scenario she considers is the one where banks "team up with" new entrants (or "fintechs"). A second scenario involves fragmentation into regulated and unregulated activity - nothing new, as the unregulated 'shadow banking' sector was already at the vast, pre-crisis levels in 2015. A third is that "fintechs" might be "swallowed up by big tech companies" making the banking market "more concentrated, less competitive and less diversified" (as if banking isn't already!). But the big tech companies already have regulated financial subsidiaries (mainly offering retail payment services under EU carve-outs from the banking monopoly), and their presence in the market automatically makes it less concentrated, more competitive and more diversified.

The ECB's overall concern seems to be that banking will become less profitable, causing existing players to cut spending on risk management.  But a preoccupation with the impact of innovation on  legacy players dooms the sector to over reliance on legacy firms and inefficient models that effectively require super-normal profits to operate. Mark Carney also points out that concerns about banks cutting corners to keep up with more nimble competitors should not constrain innovation, but is instead a matter for the central bank "to ensure prudential standards and resolution regimes for the affected banks are sufficiently robust to these risks."

The ECB has some strange views on what constitutes risks.  It is said to be inherently risky, for example, that P2P lending platforms are "securitising the loans they originate from their platforms". That maybe how such programmes work in the US, but over there a regulated lender makes a regulated loan and sells it to a listed entity that issues bonds under an SEC-registered prospectus. So any problems are happening right under the noses of the relevant authorities. In the UK, the lenders are free to securitise their portfolios - and several have - but that is not the role of the platform operator. Again, however, this involves regulated activity, both at P2P platform level and through the offer and listing of the relevant bonds.  The regulators are already implicated.

"Robo-advice" is also said to create the risk of investors 'herding' into the same positions at the same time, yet this already happens among regulated fund managers (and banks).  

Risks associated with 'cloud' services and outsourcing of data storage are also cited by the ECB, but these are not new risks at all, or even exclusive to financial services.  

Indeed, what regulators seem to miss is that many of the technological advances that are finally being applied to financial services under the "FinTech" banner have been applied to other sectors for over a decade.

This is not to say that new models are necessarily 'good' or effective. It can also take some time for risks to emerge.  The 'lessons' of the past and the resulting regulatory 'tools' and solutions must not be forgotten, and the old models need to be managed along side the new. But those old models and the rules they require should not be the only lens through which all innovation is analysed. New services must also be viewed afresh.

Post-Brexit Outlook For Passported Financial Services

Well it's been a dismal six months watching the politicians shadow-box among themselves over what Brexit really means. There's no shared vision of the big picture, let alone any grip on the detail. What is clear, however, is that size matters in trade negotiations. So the larger trading partners like the EU will dictate their own terms in any deals. And while the application of logic seems to be prohibited in this 'post-truth' era, I intend to proceed on the basis that the UK will not even be a member of the EEA (or the Customs Union) - and that it certainly won't get a better trade deal with the EU than it has today. That means the only real job left for UK politicians is to figure out who gets pork-barrelled compensated by the UK taxpayer for being worse off for having to treat the EEA as a separate market (where they can't pass those costs onto their UK/EEA customers more).

While the car makers got in first, ejecting from the EU/EEA poses a very significant challenge, in particular, for the 5,476 of the UK firms relying on 336,421 'outbound' passports to avoid being authorised in every EEA member state. This works out at 61 passports per firm, which is somewhat strange given there are 31 EEA countries, but passports are counted for each separate directive that requires them (only one if a firm has several under the same directive). Brexit is also a challenge for the 8,008 EEA firms that hold 23,532 passports (about 3 each) to cover their UK offerings.

In essence, a total of 13,484 firms need to apply for 359,953 additional regulatory permissions over the next two years if they want to continue to make sure they can cover their existing markets.

Such applications don't come cheaply or quickly, and involve significant ongoing management and administration costs following authorisation. And because most of the work will be required abroad, the lion's share of the related fees and expenses will be charged outside the UK, worsening the UK's trade deficit even further. The UK can also kiss goodbye to the tax revenues on the earnings of each foreign firm, as well as the incomes of its management and staff...

But that's all water under the bridge (or out the English Channel, if you will).

During the next two years, any financial services firm based in the UK/EEA that relies on a passport for cross-border activities or ambitions involving the UK will need to pursue the following options, either organically or by acquisition: 

• Retain/obtain authorization for an entity established in the UK, if it wishes to serve the UK market;

• Obtain/retain authorization for an EEA-based entity to take advantage of the EEA passport regime for the remaining EEA countries;

• Seek to rely on any passporting arrangements that the UK may agree with non-EEA countries (these could only be formally agreed post-Brexit, but might be planned in the meantime);

• Obtain/retain authorisations in any non-EEA countries it wishes to target - as is the case today, but the cost/benefit of targeting some of these countries may now have changed, given the extra cost of authorisation to serve EEA markets, and perhaps jockeying among countries wishing to take advantage of the situation.

So where would you base your EEA-passport firm?

The relevant analysis, if not the outcome, will vary significantly depending on the type of financial services and markets involved. Most of the relevant passports relate to general insurance intermediation and trade in various securities/markets, but payment and e-money services represent the third most popular category with perhaps greater retail significance - here 350 UK firms rely on outbound passports and 142 EEA firms passport into the UK.  According to a report commissioned by the Emerging Payments Association, the 350 UK firms have six countries to choose from as a potential base for their EEA passport entity, based on criteria including the ease of making an application, supportive regulatory approach/attitude, ease of setting up and doing business, jurisdictional reputation and sovereign/political risk:

• Cyprus 
• Denmark 
• Ireland 
• Luxembourg 
• Malta 
• Sweden

While not wishing to disparage any of those fine jurisdictions, you will see from the commentary in the EPA report why the UK is walking away from a (literally) golden opportunity to continue its role as the preferred EEA passporting hub for financial firms (many of which are managed or staffed by people who moved to the UK for that reason).  Yet, while that commentary is very helpful and a useful lens through which to view options, I know from personal experience that it does not always reflect reality on the ground or capture all the criteria that are relevant to the decision for each firm - and the authors don't pretend that it does.

We are only at the beginning of a very long and expensive journey...

Boring But Important: Changes To Money Laundering Regulation

The UK government is consulting on important changes required to implement the fourth EU directive on anti-money laundering (which is still subject to change in the meantime) and changes to wire transfer regulation. Responses are due by 10 November.

This is not the only consultation paper issued recently, so it will be a week or so before I add further summary detail below!

Is The UK Framing Canada?

The economy, financial services and privacy are among the most sensitive political areas for the United Kingdom, yet with Mark Carney in charge at the Bank of England and the recent appointment of Elizabeth Denham as the UK's next Information Commissioner all these areas are now the responsibility of Canadians. Seems the UK government is looking for someone else to blame...

FCA Goes Social

The Financial Conduct Authority has made a huge effort to shrug off the image of its predecessor, and its latest guidance on social media and customer communications is another case in point. The FCA goes to far greater lengths than the FSA to understand the activities that it's regulating, and it has properly recognised the benefits to firms using the social media, not just the risks. There are some big concerns in here. But overall it's a helpful steer on how to market financial services in the social media, rather than just another regulatory minefield.

Now, about those 'big concerns'...

The word "consent" does not appear in this document. Nor do the words "data protection". The word "privacy" appears once, however, in a footnote which helpfully refers to the Information Commissioner's guidance on Direct Marketing. That's really the only nod to the many other requirements that application developers need to consider when producing financial services - something we've been focusing on intently at the Society for Computers and Law, for example. That's a particular concern, when section 1.8 of the guidance recommends "the use of software that enables advertisers to target particular groups very precisely" without so much as a footnote. If this is a tip to use Big Data tools, cookies and so on to engage in behavioural targeting of advertising, then firms will need a lot more help if they are to expected to do so appropriately.

Of equal concern is the FCA's decision to 'gold-plate' its guidance to the level of compliance required by the European directives on consumer credit and mortgages - another example of the European "regulatory creep" that blights the UK's landscape and is the source of so much talk of a "Brexit":

"The same constraints do not exist in other areas, but we think it is important to adopt a common approach across all the sectors we regulate, and across all media. To do otherwise would create a more complex and less certain regime, which would impose additional costs and which firms and consumers would find more difficult to navigate."

The problem with this approach is that not only do UK officials have a tendency to over-comply in this fashion, but they also take a literal approach to the interpretation of European law, rather than the purposive approach that European law itself dictates. So the UK invariably implements European edicts far more restrictively than, say, Greece or even France (historically the country most sued for failing to implement European laws, but here's the league table). 

Another problematic area is the guidance on using an image to convey a risk warning where a character limit would make it impossible to include it as text. While appearing to recommend this approach, the FCA then points out (on page 8) that Twitter settings, for example, allow users to ensure that images appear as a link, rather than being automatically displayed. So, risk warnings or other required information cannot appear solely as an image where such user features are present. This is explained a little more in section 7 of the Annex, which also mentions that some social media services limit the amount of text in images or crop them in unpredictable ways... In other words, images are not really much of a solution, even though they feature heavily throughout the FCA's examples.

Retweets and other sharing of financial promotions by customers and employees is another area for firms to consider a bit more carefully. There is some discussion of that (under "Other regulatory issues" on page 11), but it's obviously at the core of why firms would use the social media over traditional advertising channels. Basically, you can't rely on your employees to do the dirty work for you, at least not in the course of their employment (a slippery slope); and just because they or your customers are prepared to make a claim, doesn't mean that the firm can share it with impunity.

While it's refreshing that the FCA does not consider a tweet, for example, to be a real-time promotion, it doesn't mention the use of instant messaging features, or direct messaging. Although the guidance does mention that a customer 'following' a firm's account or 'liking' its material does not amount to an express request to receive real-time promotions to get around the ban on 'cold-calling'.

Finally, record-keeping is a key concern here. As the FCA points out (on page 14), you can't rely on the social media platforms to retain a copy of your promotional material. So firms need to have their own records of tweets etc., and the related compliance sign-offs.

No doubt the FCA's guidance will evolve in the light of these concerns over time - not to mention the guidance from the Information Commissioner!

FCA Spotlight On How Consumers Deal With Money

Source: Audio Visual Excellence

Consumer Spotlight is the FCA’s view on how UK consumers deal with money and financial services, including the capabilities and potential vulnerabilities. It describes ten consumer segments, and reveals the data the model is built on.

The tool is intended to help the FCA identify the risks consumers face, and the protection required.

Charts show how each segment responded to questions in a survey of over 4000 consumers. Filters reveal characteristics, attitudes and behaviours associated with different group of consumers (e.g. inertia, risk appetite and impulsiveness). This can help firms design products and communications that "work well for different, specific consumers."

The FCA's model is said to differ from firm's models because it incorporates "some data not commonly collected in commercial models, such as vulnerability characteristics and financial capability." However, I wonder if another difference is that some firms treat evidence of vulnerability and financial capability as a reason to target a segment, rather than avoid it...

While firms would be wise to at least consider the data when designing products and communications, the FCA warns that:

"The data is based on consumer recall and self-reported behaviour and attitudes; it is not validated against other sources. Consumers may not know the answers to questions. Other industry data may be gathered in different ways or for different purposes, making direct comparisons difficult... Although it may inform a firm's thinking and planning, the model is not designed for commercial development. We do not intend to enable firms to profile their own customer base using the model for their own commercial benefit."

The Role of Consumer Contracts, Advice and Disclosure

Great discussion at a CSFI event this morning, focusing on the difference between financial advice and guidance, and touching on the FCA's very encouraging plans to support a far better consumer experience and more innovation generally. A key theme in the discussion centred on the role of consumer contracts in the supply of financial services, and it was clear there needs to be more discussion on the tension between regulation, contracts and product information. 

Of course, the starting point was that lengthy consumer contracts are 'silly' - a point made by John Kay last year and discussed on the SCL blog. But it's important to recognise that contracts act as a layer between law and regulation and the information a consumer sees when buying and using a financial service. They represent a service provider's public statement of how it interprets the law and regulation to apply to its service. That statement is critical not only for consumers themselves, but also for the courts and many stakeholders on whom consumers rely to protect them (indeed governments have even deputised global service providers as private sheriffs, relying on violations of their terms of service to 'shut down' Wikileaks, for example). In addition, financial instruments - loans, bonds, shares - that are agreed or traded in the course of using most financial services are themselves simply sets of terms and conditions.

The reason consumers are confronted by such terms and conditions is that the courts have insisted that consumers must be given an opportunity to read and agree them if they are to govern the customer relationship. It is this interactive process of offer and acceptance that produces an enforceable "contract" (along with some form of 'consideration'). Unless and until Parliament changes the basis for establishing contract law in the UK, we're stuck with that approach. 

Yet this morning it was suggested that a consumer should not even need to the opportunity to read and agree terms and conditions in order to benefit from them. Revolutionary stuff, unless you live on the continent, where a lot more of what we see as contractual terms are embedded in civil codes. This of course removes a lot of commercial flexibility, and means the market moves at the speed of law and regulation... which would undermine the FCA's object of promoting innovation.

Of course, the financial services sector is arriving late to the debate about how to enable consumers to properly agree and understand the substance of a contract without necessarily drilling into the fine print unless they so wish. The intellectual property community came up with the Creative Commons licensing model in 2001 and, more recently, the World Economic Forum has been trying to foster a similar approach to the use of personal data.

But the critical issue in every case is whether the simplified summaries that consumers see and agree actually reflect the terms and conditions on which a firm says it is doing business; whether those terms and conditions are consistent with applicable law and regulation; and, finally, whether the firm's business processes and computers actually operate on the same basis. Here we run into the tension between Big Data and the growing array of technology that puts you in control of Your Data - data about you, or which you generate in the course of your activities.

This is certainly not an area where the FCA can go it alone, and it's great to see their representatives (not to mention someone from the Treasury) participating in open debates such as the one this morning. 

EBA Seeks To Freeze Link Between Actual And Virtual Currencies

On Friday, the European Banking Authority advised EU national financial regulators to "discourage" credit institutions (banks), payment institutions and e-money institutions from buying, holding or selling virtual currencies, based on over 70 risks that it says will require substantial regulation. The EBA says that should include bringing virtual currency exchanges which deal between virtual and actual currencies within the anti-money laundering regime.

Somewhat cryptically, the EBA concludes:

"Other things being equal, this immediate response will allow VC schemes to innovate and develop outside of the financial services sector, including the development of solutions that would satisfy regulatory demands of the kind specified above. The immediate response would also still allow financial institutions to maintain, for example, a current account relationship with businesses active in the field of VCs."

But there are many flaws in the EBA’s approach, and it undermines the EU’s potential as a home for financial services innovation. A lot more work should have been done - and the EBA should have engaged with the market participants publicly and constructively - before taking such disruptive action. Especially given that those participants (including venture capitalists and possibly financial institutions) should have a legitimate expectation to be able to continue their lawful involvement, unless the law is changed by the usual process. 

The EBA concedes as much by saying that it is too early to collect enough data to understand exactly what they are "shielding" financial institutions from: 

"...the phenomenon of [virtual currencies] being assessed has not existed for a sufficient amount of time for there to be quantitative evidence available of the existing risks, nor is this of the quality required for a robust ranking."

So what is the basis for intervening in this way now? Gut instinct?

There is obvious duplication and overlap amongst the risks identified and many “are similar, if not identical, to risks arising from conventional financial services or products, such as payment services or investment products”, as are the regulatory controls that are suggested for the longer term. Key benefits of virtual currencies are also dismissed in the context of the EU and Eurozone on the basis of regulations that are yet to take effect. 

Oddly, the EBA points to a risk that regulating virtual currencies more leniently will create an unequal playing field that could result in service providers leaving fiat currency markets in favour of their virtual cousins. Surely that risk is heightened by denying financial institutions early access to virtual markets altogether. Has the EBA learned nothing from the rise of shadow banking? Won't this breed weak regulated institutions? Won't entrepreneurs simply operate outside the EU, leaving its institutions unable to capitalise on opportunities that virtual currencies might have brought? 

And why would the EU want to discourage borderless financial services while it's trying so hard to kickstart cross-border commerce?

A requirement for fully comprehensive regulation cannot be the price of institutional participation in virtual currency markets. There is a flawed belief amongst Eurocrats that ‘vigorous regulation’ is a pre-condition for consumer trust, as Paul Nemitz recently asserted. But that is not supported by the way in which the digital economy has evolved. Regulation can help build on existing trust, but cannot create trust where none existed before. This difference between the civil law and common law view of the role of regulation needs to be resolved in favour of a more acommodating EU approach to innovation and competition if the EU member states are to compete globally. For instance, the UK Cabinet Office convened a workshop on financial innovation in October 2013, which featured a session on virtual currencies; and UK revenue officials were helpful in merely clarifying their tax treatment of virtual currencies earlier this year. More recently, the Financial Action Taskforce (FATF) was also much more circumspect in a report that was intended to “stimulate a discussion” on how to introduce risk-based anti-money laundering controls in the context of virtual currencies. 

The EBA's intervention is further evidence that the EU financial regulatory regime needs to be much more open to innovation and competition if we are to avoid the pitfalls discussed in the Parliamentary Commission on Banking Standards.

A more detailed review of the EBA opinion has since been published at the Society for Computers and Law.

Why Our ISAs Don't 'Work'... Yet.

The Treasury consultation on expanding the ISA scheme provides a fresh opportunity to put our savings to work and boost economic growth at the same time.

What's wrong with ISAs?

The “Individual Savings Account” (ISA) rules encourage us to put £11,280 a year into bank cash deposits and a limited list of regulated bonds and shares by making the returns tax-free.

Last year the Treasury estimated that about 45% of UK adults have an ISA, with a total of £400bn split about equally between cash and stocks/shares.

But in 2010 Consumer Focus found that cash-ISAs were only earning an average of 0.41% interest (after initial ‘teaser’ rates expire). They also found that 60 per cent of savers never withdraw money from their account; and 30 per cent see their ISAs as an alternative to a pension. 

Yet the banks don't use this cheap £200bn very wisely. In fact, only £1 in every £10 of the credit they create is allocated to firms who contribute to economic growth (GDP) and 60% of new jobs. In other words, lending to businesses is just not our banks' core activity, even though we also guarantee their liabilities. They earn more by financing consumption and speculation in financial assets. They've even taken £9.5bn under the so-called "Funding for Lending" scheme, and lent even less than before...

So we need the ISA scheme to encourage people to put their ISA money - and the country - back to work.

That means adding alternative asset classes that provide a decent return by financing the real economy, such as those generated on peer-to-peer lending and crowd-investment platforms.

Why hasn't this been done already?

The Treasury has previously resisted calls to do this on two occasions over the past few years. Their defence has been that ISAs are popular, simple to understand, relatively low risk and peer-to-peer platforms are not regulated (see here at para 14 and here at page 13).

But on neither occasion did the Treasury acknowledge the risks posed by the huge concentration of ISA cash in low yield deposits. Or the potential benefits of enabling savers to make some of those funds available to consumers and small businesses at lower cost and far higher returns - especially given that peer-to-peer default rates have proved to be very low.

The regulatory concern also appears to have been misplaced. Banks have clearly demonstrated that regulation affords no guarantee that consumers will be treated fairly. And peer-to-peer platforms, which are already partly regulated by the Office of Fair Trading, have been requesting broader regulation for several years. As a result, the Treasury has begun consulting on plans for more comprehensive regulation by the new Financial Conduct Authority from 2014.

All of that means the latest consultation on adding new assets to the ISA scheme is a golden opportunity to convince the Treasury to let us put our savings to work. 

Let's not miss it.

Submission To Parliamentary Commission on Banking Standards

In the interests of transparency, I've embedded below my submission to the Parliamentary Commission on Banking Standards.

Submission to commission on banking standards sdj 08 02 13 final from Simon Deane-Johns

Abandon Hope All Ye Who Enter The Financial Services Bill

The new financial regime is unsinkable

As a desperate alternative to the Eurovision Song Contest, last night I combed the latest version of the Financial Services Bill for a glimmer of evidence that the Government understands the extreme difficulty of innovating responsibly in a retail financial world dominated by a byzantine regulatory regime. 

Alas there's nothing much in the Bill except two new supervisory deckchairs from which the authorities can watch our major financial institutions power us inexorably into the icy depths. 

To be fair, the word "innovation" does appear once in this homage to complexity. But it is used in a way that could only be intended to evoke the maximum possible relief amongst those terrified of it. The financial authorities need only promote effective competition and innovation within the markets for regulated financial services. God forbid there should be a process for developing proportionate regulation of emerging business models, or that the authorities should provide guidance to those intent on delivering better outcomes for consumers than established firms or existing services. Here is the leading, bleeding, cutting edge of our giant financial regulatory regime:

"1E The competition objective

(1) The competition objective is: promoting effective competition in the interests of consumers in the markets for—
(a) regulated financial services, or
(b) services provided by a recognised investment exchange in carrying on regulated activities in respect of which it is by virtue of section 285(2) exempt from the general prohibition.

(2) The matters to which the FCA may have regard in considering the effectiveness of competition in the market for any services mentioned in subsection (1) include—
(a) the needs of different consumers who use or may use those services, including their need for information that enables them to make informed choices,
(b) the ease with which consumers who obtain those services can change the person from whom they obtain them,
(c) the ease with which new entrants can enter the market, and
(d) how far competition is encouraging innovation."

US Crowdfunding Bill

"It's time for reflection..." FT.com

Further to my recent post on a new regulatory model for retail finance, the US House of Representative has passed a Bill HR 2930 (still subject to Senate and Presidential approval) which would enable the issuer of securities to raise small amounts of money from many people (crowdfunding) on the basis summarised below. Please note that I've used the helpful summary from VentureBeat, but replaced "company" with "issuer", as I see no reason on my reading of the bill and the definition of "issuer" in the Securities Act 1933 why this would not enable person-to-person lending, rather than merely raising capital for corporations. However, I'm not a US securities lawyer, and you should seek your own independent legal advice ;-)

• "The [issuer] may only raise a maximum of $1 million, or $2 million if the [issuer] provides potential investors with audited financial statements.

• Each investor is limited to investing an amount equal to the lesser of (i) $10,000 or (ii) 10% of his or her annual income.

• The issuer or the intermediary, if applicable, must take a number of steps to limit the risk to investors, including (i) warning them of the speculative nature of the investment and the limitations on resale, (ii) requiring them to answer questions demonstrating their understanding of the risks, and (iii) providing notice to the SEC of the offering, including certain prescribed information.”

As mentioned previously, it would be great to see this sort of support for alternative finance from the UK authorities.