Financial regulators have been quick to respond through co-ordinating international action, introducing new regulatory measures and guidelines to allow firms to focus on immediate priorities of financial stability, of injecting liquidity to operational resilience. Regulators have taken a pragmatic approach in reducing the regulatory burden on firms by delaying the implementation of new legislation such as the EU Securities Financing Transaction Regulation (SFTR) and allowing UK listed companies an extra 2 months to publish their audited annual financial reports.
Since the financial crisis in 2008, banks have strengthened their capital position, built up solid liquidity buffer and improved the quality of the assets on their balance sheets, but they are nevertheless facing unprecedented operational challenges including business continuity under COV-19, hence the need to focus on their core operations and critical functions.
It is KRM22’s opinion that the COV-19 crises has demonstrated that firms survival is critical on how it manages risks. Risk management solutions providing a holistic real-time view of market, regulatory, operational and technology risks is essential to enable senior management to make effective and timely decisions.
The FCA published a statement on the 17th March 2020 that it expects all regulated firms to have undertaken an assessment of operational risks, the ability for firms to continue to operate effectively and the steps required to serve and support their customers
The FCA expectation is for firms to have in place contingency plans to deal with COV-19 and that business continuity plans have been tested and effectively implemented.
Since the outbreak, the FCA has been actively reviewing the contingency plans of a wide range of regulated firms. This includes the firms assessment to continue to operate effectively and the steps firms are taking to serve and support their customers.
It is KRM22’s opinion that the best way to manage operational risks, is to have in place an effective enterprise risk management system identifying key business risks, performing risk assessments, prioritizing mitigating actions with real-time MI reporting to senior management including at board level.
FCA has set clear expectations that firms should take all reasonable steps to meet regulatory obligations which are in place to protect their consumers and maintain market integrity.
The FCA has stated that as firms are moving to alternative sites and working from home arrangements, they must consider the broader control environment in these new circumstances.
For example, the FCA expect’s firms to be able to enter orders and transactions promptly into the relevant systems, use recorded lines when trading and give staff access to the compliance support they need. If firms are able to meet these standards and undertake these activities from backup sites or with staff working from home, then they will comply with FCA requirements.
The FCA has made clear despite remote working firms must continue to take all necessary steps to prevent market abuse. Firms therefore must establish appropriate systems and controls for monitoring market abuse and insider trading behaviour.
In KRM22’s opinion, firms need to have in place effective trade surveillance and communication monitoring systems including the ability to monitor activities intra-day or near real-time for firms holding dominant market positions particularly during these volatile times. Firms that are unable to undertake market surveillance obligations in accordance to MAR and MiFIDII regulations are required to inform the regulator immediately.
Firms must continue to record all voice (Fixed line and Mobile line) and electronic communications (IM / Chartrooms / Email) for individuals undertaking commercial dealing activities remotely however the FCA accepts that some scenarios may emerge where this is not possible. In such instance firms must make the FCA aware if they are unable to meet these requirements.
KRM22 expects firms to consider the steps they would take to mitigate outstanding risks if they are unable to comply with their FCA obligations. This could include enhanced monitoring, or retrospective review once the situation has been resolved.
Furthermore, firms may experience difficulties in submitting their regulatory data, in which case the FCA expects the firm to maintain appropriate records during this period of market uncertainty and submit the data as soon as possible.
The FCA has welcomed from the European Securities & Markets Authority (ESMA) upcoming changes to the tick size regime for certain firms, as required by the EU Investment Firms Regulation. FCA is taking a pragmatic view and will not prioritise supervision of the new requirements at this time and expects firms to focus on minimising the potential for operational disruption due to COV-19.
The European Securities Markets Authority (ESMA) announced on the 16th March, a three-month delay to SFTR implementation. It has been recognised that SFT reporting implementation is now heavily impacted by the COV-19 pandemic. The delay is to allow firms to focus on their contingency plans to ensure the continuity of their operations and ongoing projects to meet existing regulatory requirements. 1st phase implementation of SFTR has now been deferred to 13th July 2020.
Work-Related Travel – Senior Managers Responsibility
The FCA has published a statement on how firms should prioritise who needs to travel to the office and the responsibilities of Senior Managers in doing so.
The FCA advised that the Chief Executive Officer Senior Management Function (SMF1) is accountable for ensuring an adequate process identifying which of their employees are unable to perform their jobs from home and have to travel to the office or business continuity site. The FCA expects the total number of roles requiring an ongoing physical presence in the office or business continuity site to be far smaller than the number of workers needed to ensure all of a firm’s business activities continue to function on a business as usual basis.
The FCA has stated that it does not require firms to have a single senior manager responsible for their COV-19 response. While it is important for firms to have a clear framework for allocating responsibilities to various Senior Management Functions (SMFs) for different aspects of their response to COV-19, the regulator does not generally prescribe a ‘one-size-fits-all’ approach. Firms should allocate these responsibilities in the way which best enables them to manage the risks they face. There are existing responsibilities specified in the Senior Managers Regime, for example SMF24 for Operational Resilience and SMF2 for Financial Resilience. SMF24 already has accountability for business continuity, information security and outsourcing.
Significant changes to SMF’s responsibilities may be required in this period due to sickness or any other temporary situations as a result of COV-19. The regulator expects firms to resubmit relevant Statement of Responsibilities (SoRs) as soon as reasonably practicable and understand that firms may take longer than usual to submit revised SoRs.
The FCA rules allow individuals to perform SMFs without approval for up to 12 weeks in a consecutive one-year period if their firm experiences an SMF vacancy that is (a) temporary; and/or (b) reasonably unforeseen. This is sometimes referred to as the ‘12-week rule’. In normal circumstances, the 12-week rule provides enough flexibility for firms to deal with temporary or unexpected SMF absences. The FCA is currently gathering evidence on whether the 12-week rule is likely to give firms enough flexibility to deal with temporary absences of SMF as a result of COV-19. At KRM22 we believe it would be a pragmatic approach to relax the 12-week rule particularly if the COV-19 prolongs into Autumn 2020.
The FCA has set out its business priorities for the year ahead with specific focus on the challenges presented by COV-19. A number of these key measures are listed below:
The European Banking Authority issued a press release on the 12th March 2020 on actions to mitigate the impact of COVID-19 on the EU banking sector. In summary EU-wide stress testing has been postponed to 2021 to allow banks to prioritise operational continuity.
The EBA, along with national competent authorities (CAs) including the FCA, and the European Central Bank, is co-ordinating a joint effort to alleviate the immediate operational burden for banks. The EBA recommends CAs to make full use, of the flexibility embedded in the regulatory framework to support the banking sector. Addressing any operational challenges banks may face is the priority.
For 2020, the EBA will carry out an additional EU-wide transparency exercise in order to provide updated information on banks’ exposures and asset quality to market participants.
In addition, the EBA recommends CAs to plan supervisory activities, including on-site inspections, in a pragmatic and flexible way, and possibly postpone those deemed non-essential. CAs could also give banks some leeway in the remittance dates for some areas of supervisory reporting, without putting at stake the crucial information needed to monitor closely banks’ financial and prudential situation. Overall in the opinion of kRM22 this a welcome and necessary development to alleviate resource pressures.
The FCA has stated that capital and liquidity buffers are there to be used in times of stress including for COV-19. Firms who have been set buffers can use them to support the continuation of the firm’s activities.
Firms should be planning ahead and ensure the sound management of their financial resources. If the firm needs to exit the market, planning should consider how this can be done in an orderly way while taking steps to reduce the harm to consumers and the markets.
Past crises suggest illicit finance will continue to flow under COV-19. There is already evidence of increased levels of cyber-crime, COVID-19 related frauds and scams targeting vulnerable people and companies, of fake fundraising campaigns and of criminal networks selling goods at a higher price. KRM22’s assessment indicates new techniques and channels of laundering money are emerging.
The European Banking Authority has urged Competent Authorities including the FCA to undertake a number of key measures:
On 3 April 2020, the Basel Committee on Banking Supervision (BCBS) and the International Organization of Securities Commissions (IOSCO) published a statement announcing a one-year deferral of the September 2020 and September 2021 phase-ins of the global initial margin requirements for non-centrally cleared derivatives.
Firms with an aggregate average notional amount (AANA) of uncleared derivatives exceeding EUR 50bn will now become subject to the initial margin requirements from 1 September 2021. Similarly, firms with an AANA of uncleared derivatives exceeding EUR 8bn will now become subject to the initial margin requirements from 1 September 2022.
The deferral intends to provide additional operational capacity for impacted firms to respond to the immediate challenges of COV-19 and facilitate firms’ readiness to comply with the requirements by the revised deadline.
The FCA is reviewing work plans so that it can delay or postpone activity which is not critical to protecting consumers and market integrity in the short-term. This will allow firms to focus on business critical operations.
One of the immediate actions taken was to extend the closing date for responses to open consultation papers and calls for input until 1 October 2020 and rescheduling most other planned work. The FCA has scaled back its programme of routine business interactions, especially through meetings so that it only contact firms on business-critical requests and responses to the current situation.
The coronavirus crises has caused significant disruption to the operations of financial markets. COV-19 crises has demonstrated that firms survival is critical on how it manages risks. Risk management solutions providing a holistic real-time view of market, regulatory, operational and technology risks is essential to enable senior management to make effective and timely decisions.
KRM22 has in place today a full suite of regulatory products covering Market Abuse, Financial Crime and SM&CR. KRM22’s systems are underpinned by the Global Risk Platform providing a single gateway to access multiple applications and the Enterprise Risk Cockpit which provides a holistic view of compliance risk in real-time.