Financial Services Regulation 2024 - New Year briefing

The Financial Services and Markets Act 2023 (FSMA 2023) received Royal Assent on 29 June 2023.  This marked the beginning of a major overhaul of certain aspects of the UK's regulatory framework for financial services, payment services and financial market infrastructure.

We discussed the measures to be introduced by FSMA 2023 at the time in our briefing: Financial Services and Markets Act 2023: Building a Smarter Regulatory Framework in the UK? | Travers Smith.

In many respects, FSMA 2023 simply sets out the framework for future changes to the UK regulatory regime.  Some of these are now in the process of being implemented.  These include the new regime for the approval of financial promotions (see UK Financial Promotion Regime and Rules) and the new Designated Activities Regime (DAR) for the regulation of certain financial services activities outside the existing regulated activities authorisation regime. Initially, most designated activities are expected to be those which are currently regulated through "assimilated law" (previously "retained EU law"). Under the DAR, HM Treasury has a power to designate certain activities relating to UK financial markets or exchanges and financial instruments, products or investments (including cryptoassets) issued or sold to, or by, persons in the UK.  Under the designation, the designated activity may be prohibited or subject to specific rules and requirements.   Where relevant, the FCA will be able to make rules in relation to designated activities and may also have the power to give directions and other enforcement powers. 

We have already seen the introduction of the first designated activities with the granting to the FCA of new powers, including in relation to part of the new UK retail disclosure framework (see UK Retail Disclosure Regime), the new UK short selling regime, and the new UK securitisation regime.

The PRA and FCA are also currently consulting on additional powers for the UK regulators in respect of critical third-party service providers (see UK Critical Third Parties Regime).

One of the key measures introduced in FSMA 2023 is the implementation of the UK's post-Brexit framework.  This will involve the eventual revocation of "assimilated law" (previously "retained EU law") relating to financial services and markets and, for the most part, its replacement by FCA, PRA and Bank of England rules.  Already a number of statutory instruments have been revoked but these generally represent a "tidying up" of obsolete or superseded legislation.

For the more substantive changes, it will usually be necessary for the relevant regulatory rules to have been drafted before the legislation can be revoked and therefore this will be a slow process.  However, substantial progress has been made on the first two phases which included the Securitisation Regulation, the MiFID framework, the Packaged Retail and Insurance-Based Investment Products Regulation (UK PRIIPs) and the Short Selling Regulation.

Some of the simpler provisions in FSMA 2023 have also already come into force including the ability for the FCA and the PRA to exercise their enforcement powers against formerly authorised firms and to impose conditions on controllers. 

FSMA 2023 also ushered in a new era for a range of subjects relating to financial markets infrastructures and payments, most notably including powers to regulate digital settlement assets and the creation of FMI sandboxes. These and other topics are covered in Section 6 of this Briefing.

The long-awaited consultation from the FCA on diversity and inclusion (D&I) was published in September 2023 (CP23/20: Diversity and inclusion in the financial sector).  The PRA also issued its own consultation (CP18/23 – Diversity and inclusion in PRA-regulated firms) for PRA-regulated firms which was developed in parallel with the FCA consultation.

The FCA consultation is relevant for all FCA-authorised firms with a Part 4A permission.  Payment service providers or e-money firms are not in scope of the proposals unless they also have an additional Part 4A permission.

The proposals included, for all relevant firms regardless of the number of employees, the incorporation of non-financial misconduct into the FCA's Conduct Rules, fit and proper assessments, suitability guidance on the Threshold Conditions and guidance on regulatory references. The scope of non-financial misconduct included in the proposals is broad, covering cultural matters such as discrimination, harassment and bullying, as well as any other serious failure to treat colleagues with fairness, dignity and respect. In relation to fit and proper assessments, it also includes misconduct in a person's private or personal life.

All firms (other than limited-scope SM&CR firms) would also have to report on the number of employees annually.

Large firms with 251 or more employees (but excluding limited-scope SM&CR firms) would also be required to:

• develop a D&I strategy;
  
  
• set targets to address underrepresentation;
  
  
• report and make public disclosures annually on certain D&I matters; and
  
  
• incorporate D&I into the firm's governance.

The deadline for comments was 18 December 2023 and the FCA intends to publish a Policy Statement with the final rules in the second half of 2024.  The new rules are expected to come into force 12 months after that.

The FCA's focus on D&I is much wider than equalities legislation, but aspects of its proposals have the potential to engage such legislation as well as employment law, and firms will need to tread a careful line. Under the proposals, the focus for large firms is not only legally protected characteristics, such as race and gender, but broader demographic characteristics, such as socio-economic background.  Large firms would also be required to complete annual employee surveys on culture and inclusion in order to comply with the reporting requirements.

We discussed the proposals in more detail in our briefing: FCA consults on new Diversity and Inclusion rules | Travers Smith.

2023 saw a number of developments in respect of financial promotions including the introduction of the regulatory gateway set out in FSMA 2023, amendments to the criteria for high net-worth individuals and sophisticated investors and a number of FCA initiatives largely seeking to protect consumers.  The FCA has also introduced new rules on cryptoasset financial promotions as discussed in section 7. 

Regulatory gateway

Following the coming into force of FSMA 2023, which sets out the framework for the new regulatory gateway, the FCA issued PS23/13 in September 2023 with its near-final rules on the new regulatory regime for firms seeking to approve financial promotions.

From 7 February 2024, firms wishing to approve financial promotions on behalf of third parties will need to have received permission from the FCA to do so.  Existing firms which submitted an application between 6 November 2023 and 6 February 2024 which is not yet determined by 7 February 2024 may continue to approve financial promotions until the FCA's final decision.  The application window for existing firms to apply for a Variation of Permission to allow them to approve financial promotions opened on 6 November 2023.

The new rules are relevant for new and existing firms that approve financial promotions on behalf of third parties (i.e. not firms approving their own promotions even if these are to be communicated by an unauthorised person).  There are also exemptions where a firm approves financial promotions for a member of the same group or for its appointed representative.

In-scope firms will need to report twice a year to the FCA on their financial promotion activity, including the total number of approvals, total number of customer complaints and revenue from financial promotion approval activity.

Reporting requirements will also apply for in-scope firms which approve a financial promotion relating to non-mainstream pooled investments (such as units in unregulated funds), speculative illiquid securities and qualifying cryptoasset investments.  In addition, in-scope firms approving amendments to, or withdrawing approval of, a financial promotion due to a "notifiable concern" will need to notify the FCA.

We discussed the new regime in more detail at the time in our briefing: New FCA rules on approving financial promotions | Travers Smith.

Amendments to the financial promotion exemptions for high net-worth individuals and sophisticated investors

In November 2023, HM Treasury issued its Consultation response on updates to the financial promotion exemptions which makes changes to the current high net-worth individual exemption and self-certified sophisticated investor exemption in the Financial Promotion Order 2005 (FPO) and the Promotion of Collective Investment Schemes Order 2001 (PCIS Order).  In December 2023, the Financial Services and Markets Act 2000 (Financial Promotion) (Amendment) (No. 2) Order 2023 was made which gave effect to the changes.

The high net-worth individual exemption (Article 48 of the FPO and Article 21 of the PCIS Order) permits certain types of financial promotions to be lawfully made by unauthorised persons, and in the case of collective investment schemes, by authorised firms to individuals provided, among other things, that the relevant individual has income or net assets above a certain threshold.  As a result of the changes, the thresholds are increased to income of at least £170,000 (previously £100,000) and net assets of at least £430,000 (previously £250,000).  The increased thresholds are largely intended to reflect the impact of inflation.

The sophisticated investor exemption (Article 50A of the FPO and Article 23A of the PCIS Order) permits certain types of financial promotions to be lawfully made to individuals where certain criteria are met, including that the relevant individual certifies that they have engaged in at least one specified commercial or investment activity.  The changes amend those activities by removing the criterion of having made more than one investment in an unlisted company in the previous two years and amending the company director criterion so that the person must be or have recently been a director of a company with an annual turnover of at least £1.6 million (previously £1 million).

The statements to be signed by the relevant individual to confirm that they meet the relevant criteria have also been updated.  In particular, these now require additional information to be provided to ensure that the relevant individual has properly considered whether they meet the exemption criteria and simpler language to help the relevant individual understand the protections that they are giving up.

In addition, when providing the warnings which are required when relying on the exemptions, the person making the communication will also need to provide additional details such as their full name, address for further information and (if different) registered office address and company number.  This is intended to assist recipients in carrying out basic due diligence and to help the FCA in investigating breaches of the requirements.

The new requirements take effect on 31 January 2024.  Persons making financial promotions in reliance on the exemptions will therefore need to consider what steps they need to take in order for them to continue to do so after that date.  This may include seeking updated investor statements, ensuring that any new financial promotions comply with the new contents requirements and updating any internal policies or compliance manuals.

Although there is no official transitional regime, HM Treasury in the consultation response notes that Article 14 of the FPO (it doesn't mention the equivalent provision in Article 11 of the PCIS Order) permits subsequent follow-up communications relating to the same matter within 12 months of the first communication.  Certain additional requirements need to be met to rely on this exemption including that subsequent financial promotions are made by the same person.  HM Treasury states that businesses may rely on this exemption and not be required to request an updated investor statement if they made a compliant financial promotion before 31 January 2024. This will be particularly useful for entities which, for example, are mid-fundraise or are otherwise engaged in ongoing communications at the time the new rules come into force.

FCA guidance on social media financial promotions

In July 2023, the FCA issued a consultation (GC23/2: Financial promotions on social media) on an updated version of its guidance on financial promotions on social media in FG15/4. The updates are intended to reflect developments in social media financial promotions including new communication channels and the use of influencers.  The consultation closed on 11 September 2023 and finalised guidance was due in late 2023.

The proposed key changes to the current guidance include:

• A number of changes broadly intended to reflect the Consumer Duty.  These include a general provision that firms’ communications should support and enable informed decision-making and equip consumers with the right information in a timely way and that firms should regularly test, monitor and adapt communications to support good consumer outcomes, including to reflect developments in social media.  Firms should also consider how they tailor communications to the likely audience and whether social media is an appropriate channel in the relevant case. The FCA does not consider that repeatedly bombarding recipients with financial promotions from the same service or firm is acting in good faith.
  
  
• Some of the FCA's comments on affiliate marketing (i.e. where a firm makes an agreement to pay commission to a person based on business generated from referrals) are likely to cause some concern.  For example, the FCA states that it may consider a firm to be causing a communication to be made where an affiliate marketer communicates a financial promotion containing a firm’s referral link even if the firm did not develop, create or control the content of that communication.  This suggests that firms may need to keep a stricter eye on the activities of their affiliate marketeers.
  
  
• The FCA states that high-risk investments which are banned from being mass marketed to retail investors, such as non-mainstream pooled investments and speculative illiquid securities, should not be promoted on social media as they may potentially be viewed by ordinary retail investors.
  
  
• The FCA also states that communications through channels such as live-streams or gaming streams are likely to be considered a non-real time promotion.
  
  
• Firms should consider the way material on social media is distributed, for example, ensuring that the original communication would remain fair, clear and not misleading, even if it ends up in front of a non-intended recipient through third party sharing.  Firms should also consider whether social media is an appropriate channel to promote products or services with a restricted target market given the risks of communications being shared or forwarded.
  
  
• When making use of influencers, firms should ensure the influencer understands the products they are promoting and consider the influencer’s audience demographics.  For example, some influencers may not be appropriate for the promotion of complex products such as CFDs.
  
  
• Risk warnings should be clear to consumers on the face of the promotion.  The FCA warns that it may limit consumer understanding to display a risk warning which is less prominent than the headline or which is presented after the communication of the promotion.  There is also some guidance on the use of truncated text and shortened risk warnings.
  
  
• Firms should consider using mitigating strategies to ensure that consumers are not unknowingly directed to non-UK entities where they may not benefit from UK regulatory protection.  These strategies could include solely UK-focused social media profiles or geolocation techniques to redirect consumers automatically to the UK firm's website or app.

The updated guidance also includes some examples of when a person is likely to be considered to be acting "in the course of business" which suggests that the FCA is taking a broad interpretation of this.  For example, the FCA considers an influencer who is not currently employed by a firm but is promoting a firm’s services in order to generate revenue from a relationship with the firm in the future or who is promoting the services of a firm in an attempt to acquire more followers and likes which they will use to ask for a higher fee in future brand deals with firms to be examples of acting "in the course of business".

Ban on cold calling for consumer financial services and products

HM Treasury issued a consultation and call for evidence on a proposed ban on cold calling for consumer financial services and products.  This closed on 27 September 2023.

The government proposes to ban cold calling for all financial services and products.  This is to make it clear that any unsolicited calls to consumers to sell financial products are unlawful.

The scope of the ban is expected to include unsolicited, live telephone calls to an individual for the purpose of direct marketing.  However, the HM Treasury also asks for views on whether this should be extended further to include live electronic communications such as social media video or voice calls and/or in-person, unsolicited marketing on domestic premises.

Products and services expected to be covered by the ban include:

• Any product or service of a banking or payment nature, including electronic money and cryptoassets.
  
  
• Mortgages and insurance, as well as white goods warranties and protection plans.
  
  
• Investments, including tangible items marketed in the manner of an investment, e.g. whiskey and wine.
  
  
• Credit and debt, including individual voluntary arrangements.

The proposed ban does not consider non-live electronic communications such as text messages and emails as these are considered to be already covered by the Privacy and Electronic Communications Regulations (PECR).The ban is also not expected to include business-to-business cold calling.  The ban would not prevent firms from engaging in non-marketing activities such as customer service or administrative messages or tracing and reunification activities.  The ban would also not apply to interactions where the customer has knowingly and freely given clear and specific consent to be contacted for marketing purposes.

HM Treasury also asks for views on whether to allow an exception for FCA and PRA authorised businesses, where there is an “established existing client relationship” and the relationship is such that the recipient envisages receiving cold calls.

If adopted, the ban would be implemented through PECR as an extension to the existing ban on cold calling for pensions with enforcement by the Information Commissioner’s Office.

No date is currently envisaged for the ban to come into effect.

Ban on incentives to invest in high-risk investments

The FCA issued Quarterly Consultation Paper No. 40 in June 2023 which included some amendments to the ban on offering incentives in financial promotions to retail clients to invest in restricted mass market investments (such as non-readily realisable securities and units in Long-Term Asset Funds) (RMMIs) and non-mass market investments (such as units in unregulated collective investment schemes and speculative illiquid securities) (NMMIs).  Although the rules on RMMIs and NMMIs already included a ban on including incentives to invest in financial promotions, the FCA felt that further clarification was needed for firms.

Therefore, the FCA has proposed some changes to the rules on RMMIs and NMMIs in COBS 4.12A and COBS 4.12B respectively largely to clarify the types of arrangements which are to be considered incentives for the purposes of the ban.  The FCA also proposes to clarify that the rationale for offering an incentive is immaterial when considering whether the ban applies.

Under the proposed new rules, prohibited incentives would include discounts or rebates on fees (but exclude lower fees not linked to volumes such as tiered pricing models).

Also the following would be likely to be considered incentives:

• benefits which are not intrinsically linked to, and can be entirely separated from, the relevant investment or investment activity which is being promoted (such as a free gift);
  
  
• benefits which are only available for a fixed period of time, or are contingent upon investing in a RMMI or NMMI in the future; and
  
  
• benefits which are only available to retail clients who invest through a particular channel (such as through a social media link).

Financial promotions which would generally not fall within the scope of the ban include:

• promotions whose exclusive purpose is to persuade the recipient to transfer custody of a holding in a RMMI or NMMI – this is aimed at incentives offered to encourage clients to switch platforms which the FCA considers a legitimate practice; and
  
  
• promotions including benefits which are intrinsically connected to the relevant investment activity, such as voting rights which are inherently connected with a share.

As tempting as it might be to say that implementation of the Consumer Duty is "so last year", this is, of course, not the case.

First, the second implementation date is still to come: on 31 July 2024 the rules and guidance will come into force in respect of all products and services held in "closed books".

Furthermore, firms should now be giving consideration to the governing body report required by PRIN 2A.8.3R. This rule requires the firm to prepare a report for its governing body setting out the results of its monitoring under PRIN 2A.9 and any actions required as a result of the monitoring. Then, at least once a year, the board or equivalent governing body of the firm must review and approve that report on the outcomes being received by retail customers, confirm whether it is satisfied that the firm is complying with its obligations under the Consumer Duty and assess whether the firm's future business strategy is consistent with that Duty. Before signing off, the board/governing body must agree any actions required to address any identified risks or poor customer outcomes and agree whether any changes to the firm's future business strategy are required to bring it in line with the firm's obligations under the Consumer Duty.

The FCA's core investment advice regime – a reminder

You may (or may not) remember that, back in November 2022, the FCA consulted on the introduction of a new core investment advice regime – broadly, this involved the proposed establishment of a new streamlined regulatory "sub-regime" under which firms would be able to provide a level of financial advice proportionate to a consumer who has straightforward needs and who holds excess cash to invest that cash within a stocks and shares ISA wrapper. No changes would be made to the regulatory perimeter in terms of the regulated activity of advising on investments (which, in any event, would have had to be made by HM Treasury). We set out our summary of the FCA's proposals in Section 2 of our 2023 New Year Briefing. Consultation closed on 28 February 2023.

At the time, the FCA had said that it intended to publish a policy statement with final rules and guidance in spring 2023, with a view to the new core investment advice service being available from the beginning of April 2024. However, spring came and went. In August 2023, the "radio silence" was broken by an update from the FCA in which it reported that it would be rolling the development of the proposals into the wider Advice Guidance Boundary Review.

The wider Advice Guidance Boundary Review

The Advice Guidance Boundary Review had previously been announced in December 2022 as part of the package of "Edinburgh Reforms" – under this Review, HM Treasury is committed to working with the FCA to examine the boundary between regulated financial advice and financial guidance – which they refer to as the "advice gap" – "with the objective of improving access to helpful support, information and advice, while maintaining strong protections for consumers".

The rationale for rolling the development of the core investment advice proposals into the Advice Guidance Boundary review is clear: quite apart from anything else, the Review is wider and allows for the possibility of more fundamental changes to the regulation of investment advice in the UK, not least because the Treasury is involved and has the power to make changes to the regulatory perimeter. In addition, the FCA had also received a fair amount of lukewarm, if not negative, feedback to its consultation on the core investment advice regime – generally, the industry felt that the proposals did not go far enough in exploring the boundary between investment advice and guidance. Quite how much of the regime as originally proposed will eventually survive remains to be seen (see below).

"Mind the gap": the initial thinking

On 8 December 2023, HM Treasury and the FCA published a joint policy paper for discussion: DP23/5: Advice Guidance Boundary Review – proposals for closing the advice gap. The period for comments closes on 28 February 2023.

The policy paper sets out the initial joint proposals from the Treasury and FCA for closing what they describe as the "advice gap": in other words, the boundary between financial advice and guidance available for retail investments and pensions. Or, as the policy paper puts it, the distinction between "holistic advice" where an adviser considers a client's circumstances before making investment recommendations as opposed to the provision of information and guidance, where no personal recommendations are made – here the adviser typically only gives generic, factual information. Many FCA-authorised firms (e.g. asset managers, banks, life insurers and pension providers) offer this type of "non-advised" support: for them, because they are authorised, where the support does not amount to the provision of a personal recommendation, it does not constitute the regulated activity of "investment advice". In feedback to date, firms have said that they would like to offer further support to their clients, by way of information and guidance, but are nervous about doing so for fear of falling foul of this regulated advice boundary.

In the policy paper, the Treasury and FCA set out three initial – and determinedly high-level – proposals:

• Proposal 1: Further clarification of the boundary – this would involve the provision of further guidance from the FCA (or the simplification of existing guidance) with the aim of providing firms with more certainty and confidence in providing services closer to (but not beyond) the boundary. No changes to existing regulatory requirements would be necessary.
  
  
• Proposal 2: Targeted support – this would involve a new regulatory framework, whereby firms would be able to suggest products based on the target market to which the consumer belongs, but not on an individually personalised basis. This would be something of a "hybrid", occupying an area somewhere between unregulated information or guidance and regulated "holistic" (or simplified) advice. The policy paper discusses the types of support that could be offered under this model.
  
  
• Proposal 3: Simplified advice – this would involve a development of the FCA's original November 2022 proposals, taking into account the negative feedback to the specific proposals, to build a form of simplified advice that would involve less of the "hands on" support that is required by "holistic" advice. It would be regulated, insofar as it would be presented as suitable for the consumer and result in a personal recommendation, but it would be calibrated to take into account only relevant information about the consumer's needs.

The policy paper also includes a chapter which specifically looks at considerations for pension scheme trustees: the FCA understands that many trustees of DC occupational pension schemes are concerned about the advice boundary fettering their ability to give full support to their pensioners.

It is clear that the Advice Guidance Boundary Review is in its early stages and still has a long way to go before policy proposals crystallise. The advice gap is described as being a "complex and long-standing issue" and the Treasury and FCA acknowledge that their thinking is in its early stages.

As part of a series of post-Brexit initiatives to improve the UK's capital markets, HM Treasury launched the UK Investment Research Review (the Review) in Spring 2023. A call for evidence was published in April 2023. While we have not yet seen the FCA's "expedited" rule changes to give effect to some of the Review's recommendations, there may be a significant relaxation of the rules that currently govern the basis on which investment research may be paid for: this includes allowing buy-side firms the option of being able to pay for research by combining the cost of such research with execution charges (which, on the face of it, would permit the reintroduction of a degree of "bundling").

The term "investment research", as defined in the UK, is derived from MiFID II: it means research or other information recommending or suggesting an investment strategy, explicitly or implicitly, concerning one or several financial instruments or issuers, including any opinion as to the present or future value of such instruments, intended for distribution channels or for the public and in relation to which certain conditions are met. Those conditions are that the research or information is labelled or described as investment research (or in similar terms) or is otherwise presented in objective or independent terms; and that if the relevant recommendation were made by an investment firm to a client, it would not constitute a "personal recommendation" as defined – in other words, it would not be advice tailored to the circumstances of an individual investor.

Investment research may be published in relation to individual companies, and also in relation to a group of companies in an identified sector. The Review covered a wide range of different type of research, including both equity research in relation to quoted companies and FICC research in relation to publicly traded debt instruments.

On 10 July 2023, HM Treasury published the outcomes of the Review. The report included seven key recommendations (all of which were accepted by the Chancellor of the Exchequer in his Mansion House speech that evening):

• The establishment of a Research Platform – to provide a central facility for the promotion, sourcing and dissemination of research on publicly traded companies, particularly smaller cap companies. While the details would need to be worked on, the starting recommendation was that it would be operated by one or more third parties, the research that it produces should be freely available and that the operator(s) would have a "roster" of authorised research providers to carry out the requisite research. The Research Platform could include a facility under which a central repository of information is kept in relation to issuers (in similar fashion to EDGAR in the US).
  
  
• Amendment to the regulations governing how investment research is paid for by including additional optionality for paying for investment research – buy-side firms should be able to pay for investment research out of their own pocket, through a specific client charge or by combining the cost of research with execution charges. This last proposal is significant because it would involve a degree of relaxation of the strict FCA rules (derived from MiFID II) which currently severely limit the ability to use bundling.
  
  
• Introducing greater access to investment research for retail investors – possibly through amendments to the FCA rules and guidance.
  
  
• Involving academic institutions in the production of investment research.
  
  
• Introducing a voluntary code of conduct for issuer-sponsored research, developed by the industry itself.
  
  
• Reviewing and clarifying the UK regulatory regime for investment research – ideally by introducing a bespoke – and potentially simplified - regime designed to facilitate the provision of research to retail investors.
  
  
• Reviewing the investment research rules for IPOs – including potentially simplifying the existing rules on IPO timetabling and connected analyst research (i.e. research produced by analysts employed by the same investment bank/corporate finance firm that has the corporate finance mandate).

While some of the recommendations would require Treasury involvement to change existing MiFID II-derived legislation, the FCA has sounded its willingness to consider making expedited regulatory changes. The regulator published a statement in response to the Chancellor's Manson House speech in which it announced that it was immediately engaging with market participants and intends to consult on "an accelerated timetable" on potential regulatory changes that could introduce more options on how to pay for investment research. It will also take into account market feedback on the timing of rule changes and the industry's preparedness to deal with the operational changes required. Subject to this, the FCA aims to make the relevant rules in H.1 2024.

One of the things that the government committed to as part of the Edinburgh Reforms announced in December 2022 was a review of the Senior Managers and Certification Regime (SM&CR). In late March 2023, HM Treasury published a Call for Evidence on the performance, effectiveness and scope of the regime. Alongside that, the FCA and PRA consulted too in a joint discussion paper, DP23/3: Review of the Senior Managers and Certification Regime (SM&CR).

Neither of the papers contained anything in terms of specific proposals for change:

• The HM Treasury Call for Evidence sought information on some fundamental aspects of the regime (e.g. as to whether it had delivered against its original aims, what impact the regime had had on international competitiveness and whether any aspect of the regime may be perceived as a deterrent to firms or individuals locating in the UK).
  
  
• The FCA/PRA discussion paper focused on the operational aspects and rules of SM&CR and sought views on the effectiveness, scope and proportionality of the regime. The regulators' discussion paper also touched on international competitiveness and whether there are aspects of the current regime which may have the effect of deterring people from taking up Senior Management roles.

The FCA and PRA are considering the responses to the DP and is working with HM Treasury to decide next steps. In the Regulatory Initiatives Grid, the FCA says that it will provide an update on next steps "in due course".

Following the intensive media and political scrutiny of the approaches taken by banks to deciding to close customers' accounts (leading to the entry of the word "debanking" into the lexicon), the Government is advancing a package of proposals, albeit with different scopes and at different speeds.

HM Treasury published a policy statement in July 2023, stating that legislative changes would be made to the regulations on how PSPs terminate accounts. This was followed by more detail in October 2023. Regulation 51 of the PSRs will be amended such that PSPs subject to that regulation will, when terminating their contracts with customers, have to provide customers with:

• 90 days' advance notice (the PSRs currently require two months' notice); and
  
  
• a clear and tailored explanation for the decision to terminate. The format of this will not be prescribed, but the customer should clearly understand why the account has been closed, with the intention being that greater transparency could allow customers greater opportunities to challenge such decisions.  

This would be without any prejudice to PSPs' existing legal and regulatory duties to close accounts (including more quickly and without giving reasons), such as requirements of anti-money laundering legislation. In addition, the current scope of regulation 51 would not change. This means that regulated consumer credit agreements (such as credit card accounts) would continue to be subject to their own regime, and for larger corporate clients, the requirements of regulation 51 can be disapplied by mutual agreement.

It is clear from the October paper that the Government's expectation is that the "standard practice" will be 90 days' notice with a clear and tailored explanation; unless that is incompatible with other statutory or regulatory obligations. This will require PSPs to review their contractual termination rights to put the correct structures in place.

A draft Statutory Instrument was expected by the end of 2023, which had not been published at the time of writing.

At the same time as the latter statement, the Chancellor delivered his speech to the Conservative Party Conference, which included a short passage stating that "We’ll tighten the law to stop people being debanked for the wrong political views." This was accompanied by a press release from HM Treasury which added relatively few details, but signalled a substantive development:

• The text refers to changes to the Threshold Conditions (described as "the rules which determine whether a bank can operate").
  
  
• The suggestion is that banks will be required to "show exactly" how they protect customers' freedom of speech.
  
  
• Banks' "existing obligations not to discriminate" are referenced.

The references to 'banks' and to 'Threshold Conditions' may mean that the scope of these changes will be limited only to banks, but without more detail it is hard to be certain. A public consultation was described as the next step – this has yet to have happened.

In September 2023, the FCA published a report on UK Payments Accounts: access and closures in which it broadly found - having conducted a survey of 34 credit institutions and payment firms – that the most common reasons for account closures were dormancy/inactivity or concern the account was being used to further financial crime. While it broadly concluded that political beliefs were not the primary cause of de-banking, the regulator is conducting further work into the role of reputational risk in banks' decision-making – see the FCA's letter to the Chancellor for more details.

We expect that HM Treasury is, or has been, discussing the practicalities of these proposals with the PRA and FCA, given their key roles in enforcing the approach to authorisation.    

In addition to the EU developments outlined above, which will of course impact Luxembourg and entities/individuals based in Luxembourg, The Commission de Surveillance du Secteur Financier (CSSF) will be continuing its focus on ESG/SFDR and anti-greenwashing in 2024. In particular:

• the CSSF collected a significant amount of data through its SFDR survey on pre-contractual disclosure, which closed on 31 October 2023 and confirmed that it will continue this type of exercise in 2024;
  
  
• as it happens, the CSSF had already announced an SFDR survey on periodic disclosure for funds disclosing under Article 8 or Article 9 of SFDR with a first deadline of 31 January 2024 for periodic reports issued in 2023;
  
  
• the aim of this survey is to collect in a digital format and on an annual basis, in accordance with the financial year-end of the financial products, information contained in the SFDR periodic templates;
  
  
• it is likely that the CSSF will extend these data collection exercises to also collect information contained in PAI statements; and
  
  
• we expect the CSSF to do more and conduct SFDR/ESG focused on-site visits and it is possible that 2024 will bring the first public sanctions imposed by the CSSF specifically relating to greenwashing and SFDR compliance – the CSSF will now be looking more at enforcement.

See our briefing Sustainability Disclosure Requirements (SDR) and investment labels: the new rules | Travers Smith which looks at the key components of the SDR and labelling requirements and assesses who will be in-scope and what it will mean for them.

In brief

On 28 November 2023, the FCA's long-awaited and twice-delayed final rules on sustainability disclosures for asset managers and the development of a labelling regime for eligible products were finally published in PS23/16: Sustainability Disclosure Requirements (SDR) and investment labels. In contrast with EU SFDR, this will be – from the outset at least – a very UK consumer-focused regime.

The Sustainability Disclosure Requirements (or SDR) will mandate additional sustainability reporting for most UK collective asset management firms, and will sit alongside a new, retail-focused labelling regime.  While SDR might be the UK's answer to the EU's SFDR, the two regimes are fundamentally different in a number of respects and whether they will converge in the future as part of the European Commission's fundamental review of SFDR remains to be seen.

While SDR will be most relevant to UK collective asset management firms, some of the rules will be of much broader application – for instance all FCA-authorised firms will be subject to a new anti-greenwashing rule as from 31 May 2024 – and there are plans to expand the regime in various ways (future consultations are promised in relation to extending the requirements to segregated portfolio managers and overseas funds).

Anti-greenwashing rule

As discussed in our briefing, one component of the new regime is a blanket rule applicable to all FCA-authorised firms, the so-called "anti-greenwashing rule". This will take effect not, as originally proposed, immediately upon the publication of the final rules, but from 31 May 2024. This is to allow for a consultation on guidance to run its course: GC23/3: Guidance on the Anti-Greenwashing Rule. That consultation closes on 26 January 2024.

As the proposed Guidance indicates, the anti-greenwashing rule links to existing FCA requirements in COBS to ensure that communications are fair, clear and not misleading – it clarifies that that those requirements apply in the context of claims referencing the sustainability characteristics of products and services (the proposed Guidance often abbreviates this to "claims"). Firms that are within scope of the Consumer Duty will also need to be mindful of those rules – the FCA considers its expectations as regards the anti-greenwashing rule and the retail market to be consistent with that Duty.

In the light of this "interconnectivity", the FCA highlights its practical expectations in relation to sustainability-related claims made by firms. Firms should ensure that such claims are:

• correct and capable of being substantiated;
  
  
• clear and presented in a way that can be understood;
  
  
• complete – insofar as they should not omit or hide important information and should consider the full life cycle of the product or service; and
  
  
• fair and meaningful in relation to any comparisons to other products or services.

The FCA elucidates on these expectations by way of seven illustrative examples. Ultimately, this all boils down to – as the FCA puts it – the expectation that "firms' sustainability-related claims about their products and services should live up to what they are claiming, and firms should have the evidence to back them up". Arguably, the anti-greenwashing rule adds little to the clear, fair and not misleading Principle, the Consumer Duty and other existing requirements. However, it undeniably provides an express focus on sustainability-related claims specifically and, in terms of context, forms part of the wider naming and marketing rules.

As mentioned above, the UK has been playing a slow and considered game of "catch-up" when it comes to the development of a robust and holistic approach to the regulation of ESG and sustainability.

FCA ESG Rules and TCFD-aligned reporting – a brief reminder

While much attention is naturally focused on the new sustainability disclosures for asset managers outlined above, it should be remembered that these will overlay existing requirements relating to TCFD climate-related reporting.

By way of reminder, in-scope firms include UK full-scope AIFMs (and, technically, small authorised UK AIFMs), UK UCITS management companies, UK MiFID segregated portfolio managers and any firms in respect of "portfolio management". As regards that last category, the term "portfolio management" has – in the context of the existing TCFD-aligned reporting requirements – been given an extended meaning: so, in addition to the regulated activity of discretionary portfolio management, it captures private equity and other private market activities consisting of either advising on investments or managing investments on a recurring or ongoing basis in connection with an arrangement the predominant purpose of which is investment in unlisted securities.

Broadly, in-scope UK-regulated firms with more than £5 billion of assets under management are already subject to the TCFD-aligned reporting requirements set out in the FCA's Environmental, Social and Governance (ESG) sourcebook:

• Firms with over £50 billion under management became subject to the rules on 1 January 2022 and should have delivered their first reports by 30 June 2023.
  
  
• Firms with between £5 billion and £50 billion under management became subject to the rules on 1 January 2023 and their first entity-level and (if relevant) public product-level disclosures are due on 30 June 2024. (Asset managers are exempt from the disclosure requirements if, and for long as, the assets under management or administration are less than £5 billion.)

Discretionary portfolio managers and AIFMs managing non-listed unauthorised AIFs are relieved from having to make the above public product-level disclosures. Instead, however, they will only be required to make product-level disclosures available to clients or fund investors on request in order to satisfy the climate-related financial reporting obligations of such clients or investors. The first such on demand request cannot be made any earlier than 1 July 2024 in respect of any reporting period starting after 1 January 2023.

In contrast to EU SFDR, the TCFD disclosures involve a combination of data and detailed narrative that goes to the heart of an in-scope firm's business, including, for example, a description of the firm's risk frameworks. In practical terms, this means that firms – perhaps with the help of an external ESG consultant – need to be well advanced in their preparation.

UK Green Finance Strategy – Mobilising Green Investment

On 30 March 2023, which some referred to as "Green Day", the UK Government published its 132-page 2023 Green Finance Strategy, setting out its proposals for mobilising green finance and investment in the UK. Our briefing, UK 2023 Green Finance Strategy, highlights the main proposals and future actions relevant for the financial services industry: the UK Green Taxonomy, transition plans, the IFRS Sustainability Disclosure Standards (and whether they should be adopted in the UK), the key transmission channels for providing finance to transitioning businesses, Scope 3 emissions reporting, the incorporation of the TNFD framework (see below) and physical climate risks. These are all to be subject to further discussion, consultation and implementing measures, so the Strategy was a statement of intent and an indicator of direction of travel, rather than containing granular requirements.

UK regulation of ESG ratings providers

At around the same time as the European Commission issued its consultation on proposed measures relating to data services providers (see above), in the UK the "Green Day" fanfare of climate-related and sustainable finance policy measures included a consultation from HM Treasury on the Future regulatory regime for Environmental, Social and Governance (ESG) ratings providers. The consultation closed on 30 June 2023.

The consultation paper set out the initial policy proposals for the scope of a regulatory regime governing ESG ratings providers.

The core policy proposal:

The core policy proposal was that the direct provision of an assessment of ESG factors to a user in the UK, where the assessment is used in relation to a specified investment, should be brought into regulation, unless an exclusion applies. The remainder of the consultation hung off that central premise.

Description of ESG ratings and their provision:

The Treasury proposed that an ESG rating in the context of a new regulated activity would cover an assessment regarding one or more ESG factors, whether or not it is labelled as such. This would capture a wide range of assessments, whether called "ratings", "scores", "marks" or anything else, including where market participants consider such assessments to be "data products". In other words, what matters is not (necessarily) what the assessment is called, but what it does in substance.

However, data on ESG matters where no assessment is provided would be exempt, as would data which is only minimally processed (e.g. by formatting or summarising) provided there is no separate provision of an assessment.

The activity of providing an ESG rating:

The new regulated activity would cover providing an ESG rating to be used by a person in the UK in relation to a specified investment under the Regulated Activities Order.

Exclusions:

Over and above the exemptions mentioned above (under Description of ESG ratings and their provision), there will be a number of express exclusions for specified types of service or activity, provided in each case that it would not be provided in conjunction with the provision of ESG ratings for use in relation to specified investments:

• Provision of ESG ratings by non-for-profit entities (e.g. registered charities, registered not-for-profit entities in another jurisdiction).
  
  
• Own use assessments.
  
  
• Group use assessments.
  
  
• Credit ratings which consider the impact of ESG factors on creditworthiness.
  
  
• Investment research reports (e.g. equity research reports).
  
  
• External reviews (including second-party opinions, verifications and certifications of ESG-labelled bonds).
  
  
• Proxy advisor services.
  
  
• Consulting services, even where these relate to ESG matters.
  
  
• Academic research or journalism.

Territorial scope:

As a minimum, both UK and overseas ratings providers who "directly provide" ratings to users in the UK would be caught. In this context, "direct provision" is intended to capture where an ESG rating is provided to a UK user who has paid for that rating, either on its own or part of another services or bundles of products. Free ratings would be out of scope.

Further activities may also be brought within the scope of regulation.

Next steps and a parallel voluntary Code:

As discussed, the Treasury consultation closed in June 2023. Press reports in November 2023 indicated that, following the consultation, the government is intending to proceed with its plans to regulate ESG ratings providers and is planning on setting out formal proposals in a consultation "as early as January" according to "Whitehall insiders", although, at the time at least, it was still sifting through the various responses. As and when the statutory regime is established, the FCA will consult on new firm-facing requirements. It has indicated that, subject to consultation, its regulatory approach would take the main elements of the IOSCO recommendations as a starting point.

Alongside the Treasury's development of a statutory regime, the FCA has been involved in the development of a voluntary Code of Conduct by the industry. In 2022, it had appointed the International Capital Market Association and the International Regulatory Group to convene an industry group – the ESG Data and Ratings Code of Conduct Working Group (DRWG) – to develop a voluntary code which is intended to be internationally interoperable. On 5 July 2023, DRWG issued a consultation on the draft Code of Conduct, based on IOSCO's recommendations and structured around four key outcomes. The consultation closed on 5 October 2023. The final code was published on 14 December 2023. The Code consists of six principles, together with a guide on the application and interpretation of those principles. As and when a provider signs up to the Code, there will be an implementation period enabling it to embed the principles: for ESG ratings providers this will be six months, for ESG data products providers it will be 12 months.

The FCA has signalled that it will continue to work closely with HM Treasury while it considers whether the regulatory perimeter should be extended to include ESG ratings providers. The regulator sees the Code as playing an important role in raising standards in the short term while the statutory regime (assuming it is settled) is introduced and also because it will be relevant to those firms that will fall outside such statutory regulation.

UK Sustainability Disclosure Standards

On 2 August 2023, the Department for Business and Trade published information on the UK government's framework to create UK Sustainability Disclosure Standards (UK SDS) by assessing and endorsing the global corporate reporting baseline of the IFRS Sustainability Disclosure Standards.

UK SDS will be the UK's answer to the European Sustainability Reporting Standards (ESRS) which underpin the EU Corporate Sustainability Disclosure Regulation (see above). They will set out corporate disclosures on the sustainability-related risks and opportunities that companies face and will form the basis of any future requirements in UK legislation or regulation with similar effect to EU CSDR – i.e. requirements on UK companies to report on risks and opportunities relating to sustainability matters, including those arising from climate change. It seems likely, therefore, that, whereas the ESRS were developed and published after the framework EU CSDR, in the UK the UK SDS will precede the development of a UK statutory and/or regulatory regime which will mandate disclosures in accordance with those standards.

The UK SDS will be based on the IFRS Sustainability Disclosure Standards issued by the International Sustainability Standards Board (ISSB) (the standard-setter into which TCFD is being subsumed). The first two of these standards were published by ISSB in June 2023:

• IFRS S1 General Requirements for Disclosure of Sustainability-related Financial Information: the main objective of this Standard is to require the disclosure of all information about sustainability-related risks and opportunities that could reasonably be expected to affect a company's prospects (e.g. its cash flows, access to finance or cost of capital) over the short, medium or long term, i.e., those that are financially material.
  
  
  • IFRS S1 sets out the basic requirements for sustainability disclosures and is designed to be used in conjunction with IFRS S2 (and future Standards when published);
    
    
  • requires disclosure of all material information about sustainability-related risks and opportunities alongside mandatory financial statements and is designed to facilitate the information needs of investors – and to enable investors to understand the links between the sustainability-related risks and opportunities and the sustainability-related financial disclosures and financial statements; and
    
    
  • requires the disclosure of risks and opportunities on ESG topics which are material to the company in question – to determine those ESG topics, companies are expected to refer to external sources such as industry-based standards from the Sustainability Accounting Standards Board (SASB).
    
    
• IFRS S2 Climate-related Disclosures: this has been developed to capture climate-specific requirements and includes standards relating to:
  
  
  • strategy disclosures that distinguish between physical risks and transitional risks;
    
    
  • disclosure of plans to respond to climate-related risks and opportunities (including the setting of climate-related targets and any that are mandated by law or regulation);
    
    
  • the performance of scenario analyses to assess how various climate-related events may impact upon the business in the future; and
    
    
  • what climate-related metrics and target disclosures should include.

In effect, the IFRS S2 climate-related disclosures will ultimately replace the TCFD reporting standards, although the TCFD recommendations and IFRS are not identical. A helpful comparison of the two standards produced by the IFRS Foundation is available here.

The Secretary of State for Business and Trade will consider whether to endorse the IFRS S1 and IFRS S2 IFRS by July 2024 with the aim of creating the first two UK SDS. The UK standards will only diverge from the global standards if "absolutely necessary for UK specific matters".

The UK government has established two committees for assessing the IFRS Sustainability Disclosure Standards and making recommendations: the UK Sustainability Disclosure Technical Advisory Committee (TAC) and the UK Sustainability Disclosure Policy and Implementation Committee (PIC).

On the 18 July 2023, the first of these two committees, UK Sustainability Disclosure Technical Advisory Committee (TAC) published a Call for Evidence seeking views on the UK endorsement of IFRS Sustainability Disclosure Standards IFRS S1 and IFRS S2 and whether the disclosures they require will work in the UK – i.e. whether they will result in disclosures that are understandable, relevant, reliable and comparable for investments, are technically feasible to prepare, can be prepared on a timely basis and at the same time as financial reports and are expected to generate benefits that are proportionate to the costs that are likely to be incurred in preparing them. This Call for Evidence closed on 11 October 2023.

UK Green Taxonomy

In the 2023 Green Finance Strategy (see above) the Government said that it expected to consult on the UK Green Taxonomy "in Autumn 2023". Now that we are in the New Year, and winter has come, we are still waiting to see the UK's proposed answer to the EU Taxonomy. This is perhaps not surprising given the volume of recommendations that were published by the Green Technical Advisory Group (GTAG) within the space of less than a year, the last batch arriving in October 2023.

GTAG was established in 2021 and was tasked with providing non-binding technical advice to the UK government on the various market, regulatory and scientific considerations for developing and implementing the UK Green Taxonomy.  As we reported in our 2023 New Year Briefing, GTAG first started publishing material in October 2022. Its work continued throughout 2023 and in late summer/early autumn it published a final set of five reports containing final technical advice for HM Treasury:

• Developing a UK taxonomy adapted to the UK's needs in the short and medium term: Scope, coverage and reporting considerations (Report 1)
  
  
• Getting KPIs Right: Implementing an effective reporting regime for the UK Green Taxonomy (Report 2)
  
  
• Operational considerations for taxonomy reporting: assessing and dealing with data gaps and the use of proxies (Report 3)
  
  
• Treatment of green financial products under an evolving UK Green Taxonomy (Report 4)
  
  
• Creating an institutional home for the UK Taxonomy (Report 5)

On 5 October 2023 GTAG published a closing statement from its Chair saying that "GTAG has advised, now the UK must implement".

Report 1: Developing a UK taxonomy adapted to the UK's needs in the short and medium term: Scope, coverage and reporting considerations

On the question as to whether the taxonomy should be extended to cover more transition or harmful activities GTAG advised against this for the time being: the government should postpone any decisions about introducing such an extension until a later date. In the medium term, the first review of the taxonomy (expected to occur three years after its introduction) presents the right opportunity to reassess whether other tools and policies have been effective in addressing transition or harmful activities or whether it is necessary to reconsider extending the taxonomy. In the meantime, the government should prioritise the delivery of a taxonomy that clearly defines "green" economic activities and is seen as "credible, robust and usable".

In terms of the various options to expand the taxonomy to cover other sectors and industries (this is distinct from the question of extending the taxonomy to cover transition or harmful activities as outlined above) GTAG concluded that this should be prioritised for certain sectors and activities, but in each case the rationale should be spelled out. In this regard, GTAG focused on the UK gross value added to the UK economy and recommended that the government should consider increasing coverage of wholesale and retail trade, manufacturing, agriculture and – potentially – financial and advisory services, though as regards these GTAG conceded that further work would be required to develop and test technical screening criteria.

On emissions, GTAG concluded that there was limited benefit in diverging from the approach in the EU Taxonomy, at least not in any major way. From the perspective of emissions, the sectoral coverage of the EU Taxonomy is deemed to be a "good fit" for the UK's emissions profile and supports the climate change mitigation objective for the UK Green Economy.

In terms of mapping the EU Taxonomy to the UK's net zero trajectory, however, things are less good: some potential gaps were identified in the existing EU Taxonomy sectors and some significant sectors for the UK are not covered at all (e.g. agriculture).

In the light of market feedback, GTAG advised that "enabling activities" should be included in the UK Green Economy – i.e., as defined by the Technical Expert Group, "economic activities that, by provision of their products or services, enable a substantial contribution to be made in other activities". The example given is of an activity that manufactures a component that improves the environmental performance of another activity.

In terms of scope, GTAG recommended – perhaps not surprisingly – that the taxonomy should apply to companies that are subject to mandatory Taskforce on Climate-related Financial Disclosure (TCFD) reporting. The rationale for this is that both TCFD reporting and reporting under the taxonomy will be integrated into the UK's Sustainability Disclosure Regime (SDR) – see above. It will be necessary to phase-in reporting obligations in order to enable in-scope companies to have time to prepare for the publication of relevant data so as to give financial institutions the data they need to facilitate their own reporting obligations. The proposed phasing is that:

• In Year 1: Non-financial institutions should report on taxonomy eligibility.
  
  
• In Year 2: Financial institutions should report on taxonomy eligibility and non-financial institutions should report on taxonomy alignment.
  
  
• In Year 3: Financial institutions should report on taxonomy alignment.

On the subject of taxonomy key performance indicators (KPIs) for non-financial institutions, GTAG suggested that the EU Taxonomy KPIs that require corporates to report on their taxonomy-related CapEx, OpEx and turnover should be reassessed and, in particular, that the Department for Business and Trade should consult on limiting mandatory reporting to turnover and CapEx, and making the reporting of OpEx optional. Beyond that, the SDR framework should factor in existing industry feedback on whether the EU Taxonomy KPIs are working when developing the UK equivalents – GTAG produced a separate report on getting the UK KPIs right (see below).

Report 2: Getting KPIs right: implementing an effective reporting regime for the UK Green Taxonomy

The 2023 Green Finance Strategy (see above) included a commitment to mandate company disclosures in line with the UK Green Taxonomy following a voluntary disclosure period of at least two reporting years. GTAG were clear that corporates should report in advance of financial institutions because the latter rely on information disclosed by their corporate clients and investee companies to complete their own reporting.

Beyond such sequencing, Report 2 focused on the KPIs to be used in UK Green Taxonomy reporting. The development of the UK taxonomy – and the fact that the UK has not adopted relevant provisions of the EU Taxonomy Regulation – is an ideal opportunity to design what GTAG called a "more effective reporting framework" taking into account the various problems and issues that have arisen under the EU regime.

The main recommendations in relation to non-financial company reporting were that:

• There should be mandatory reporting of turnover and capex relative to the taxonomy, as primary indicators of performance, but that reporting of opex should be optional.
  
  
• There should be clear and consistent definitions for turnover, capex and opex KPIs (since turnover and revenue have different meanings in accounting and legal standards) – the government should consult as soon as possible on these.
  
  
• The scope of capex category C (meaning, as currently defined in the EU Disclosures Delegated Act, capital expenditure related to the acquisition of production from Taxonomy-eligible economic activities and individual measures that enable the target activities to become low-carbon or lead to greenhouse gas reductions) should be expanded to cover a wider range of environmental objectives. To do this, the UK government was advised to consider developing a universal set of Do No Significant Harm (DNSH) indicators that can be applied to various activities and sectors not currently covered by the UK Green Taxonomy.

Report 2 also made a number of recommendations in relation to disclosures by credit institutions and investors. As regards investors, GTAG's final position was that investment funds should report at fund level and disclose taxonomy components for each fund, instead of using the green asset ratio (GAR) at entity level. This is in recognition of the fact that, for the most part, asset managers fulfil an agency role and are bound by existing investment guidelines which limit the percentage of green taxonomy-aligned investments they can direct. Furthermore, such fund-level reporting should be applied to all funds, regardless of whether they have an ESG label or categorisation attached.

Report 3: Operational considerations for taxonomy reporting: assessing and dealing with data gaps and use of proxies

GTAG recommends that the government should work to enhance the usability of the UK Green Taxonomy, given the current complexity of the EU Taxonomy and the fact that companies and data providers have faced data issues, particularly as regards the "do no significant harm" (DNSH) criteria. The development of a UK-specific taxonomy presents the ideal opportunity to learn from the experience (and mistakes) of other taxonomies (not least the EU one). Increased usability will encourage additional voluntary reporting which in turn will lead to a greater volume of relevant data.

During the voluntary disclosure period the UK government should:

• establish (as the European Commission intends to do) a forum or FAQs for stakeholders to raise data issues, challenges and questions;
  
  
• indicate how and when estimates can be used, but clearly warning that such estimates should only be used where reported data is unavailable; and
  
  
• consider developing a reporting template – either in collaboration with a stakeholder group or at least tested by one.

Report 4: Treatment of green financial products under an evolving UK Green Economy

The main objectives of this paper were to set out GTAG's recommendations as to how activities previously considered environmentally sustainable – i.e. "green" – will be treated when the UK Green Taxonomy is implemented, and to advise on how taxonomy-aligned activities, products and investments should be treated as the taxonomy evolves. This will involve the use of a "grandfathering" clause which strikes a balance between encouraging use of the taxonomy to develop new green products and minimising the risk of greenwashing as standards change and become more sophisticated.

Report 5: Creating an institutional home for the UK Taxonomy

In its final report on the UK Green Taxonomy, GTAG reported that it had assessed the options for creating an "institutional home" for the taxonomy. Its key recommendations were:

• in the short term, as a "least regrets" option, the government should establish an Advisory Body to support implementation and development of the taxonomy. This could be realised by giving responsibility (with commensurate funding) to an existing body such as the Financial Reporting Council (FRC) (which is due to become the Audit, Reporting and Governance Authority (ARGA) in due course) or by creating a new body (e.g. "GTAG 2.0"); and
  
  
• In the medium term, the government should legislate to confer long-term statutory decision-making powers on the "institutional home" (for instance, through amendments to FSMA or to the Companies Act 2006). Again, its preferred recipient for this long-term role was FRC/ARGA.

The European Commission issued in May 2023 its Retail Investment Strategy with a proposal for a Retail Investment Directive which included amendments to AIFMD and the UCITS Directive and a proposal for a new Retail Investment Regulation amending the PRIIPS Regulation.

We discussed the proposals at the time in our briefing: EU Retail Investment Directive and Regulation | Travers Smith.

Most notably, although the proposals are described as a Retail Investment Strategy, many of the changes are not limited to funds with retail investors or dealing with retail clients.  Therefore many AIFMs with professional clients who might have considered themselves out of scope, such as private equity funds or venture capital funds, will potentially be affected.

As regards AIFMD and the UCITS Directive, the proposals in the Retail Investment Directive include enhanced obligations on AIFMs and ManCos not to charge "undue costs" including obligations to operate an effective pricing process and to reimburse the fund or investors for any undue costs charged. Costs borne by retail investors must be justified and proportionate having regard to the characteristics of the AIF or UCITS.  ESMA would also be empowered to create public benchmarks to facilitate comparative assessment of costs and performance of AIFs and UCITS.

There have been concerns about how well the concept of "undue costs" translates to alternative fund structures with bespoke pricing arrangements and sophisticated investors.  The proposals in respect of benchmarks have also received some resistance and the European Parliament has suggested deleting these.

The Retail Investment Regulation introduces some amendments to the scope of the PRIIPs Regulation including a new exemption for certain pension products and clarification that certain types of bonds with make-whole clauses are out of scope. It also makes changes to the contents and format of PRIIPS KIDs including the introduction of a new sustainability section and updates to the provisions on making PRIIPs KIDs available in electronic format.

The Retail Investment Directive and Retail Investment Regulation are currently going through the EU legislative process with final agreement expected during the course of 2024.  This would then suggest an effective date of late 2025/early 2026.

At the end of 2022,  HM Treasury published a Consultation on PRIIPs and UK Retail Disclosure setting out the government's intentions to repeal the UK PRIIPs Regulation and asking for views on a new framework to replace it.  The FCA also issued a Discussion Paper, DP22/6: Future Disclosure Framework, seeking feedback on how the FCA could design and deliver a good disclosure regime (particularly in respect of PRIIPs and UCITS).  We discussed these in our 2023 New Year Briefing.

HM Treasury published a Policy Note with a near-final draft statutory instrument (the Consumer Composite Investments (Designated Activities) Regulations 2024) in November 2023.  The draft statutory instrument sets out the framework for the new UK retail disclosure regime but much of the detail will be in the FCA rules.  The FCA has not yet issued a consultation on its new proposed rules but it is likely that it will do so shortly.

Under the new framework, PRIIPs would be rebranded as "Consumer Composite Investments" and UCITS will also be brought within the scope of the new UK retail disclosure regime.  The UK PRIIPs Regulation which "onshored" the EU PRIIPs Regulation will be repealed.

New designated activities of "advising on a consumer composite investment"; "manufacturing a consumer composite investment"; and "offering a consumer composite investment" would be created.  Carrying on any of these activities in respect of a retail investor located in the UK will be a designated activity in accordance with the Designated Activities Regime introduced by FSMA 2023.

The new financial instrument of Consumer Composite Investment (CCI) is defined as "(a) an investment, or (b) an insurance product, other than excluded products, where the amount repayable is subject to fluctuations because of exposure to reference values or to the performance of one or more assets which are not directly purchased by the retail investor".  A retail investor means a non-professional client (based on the definition in the 'onshored' UK Markets in Financial Instruments Regulation) who is using (or may be contemplating using) the relevant services.

The definition of CCI is substantively similar to the definition of PRIIPs under the UK PRIIPs Regulation but it is possible that reformulating EU concepts as UK regulatory concepts may result in some divergence.  For example, the statutory instrument provides a new definition of manufacturing which includes:  "creating, developing, designing, issuing, managing, operating, carrying out, or underwriting a consumer composite investment".  It remains to be seen whether this will be interpreted more broadly than the EU concept of PRIIPs manufacturer.

As these activities are designated activities rather than regulated activities, they can be carried on by unauthorised persons (both UK and non-UK) but anyone carrying on such activities in the UK will need to comply with rules set by the FCA.  According to the Policy Note: "the FCA’s new rules for retail disclosure will be more flexible and proportionate for firms".

Persons carrying on designated activities in respect of CCIs who breach the FCA's rules may be liable to pay retail investors compensation for any loss suffered.  Unlike under the UK PRIIPs Regulation, this would not just apply to manufacturers.  The FCA will also have (as yet unspecified) enforcement powers.

It is not yet clear when the new regime will apply – it may start to come into effect as early as 2024.  There are likely to be some transitional provisions but the new regime is expected to apply in full as from 1 January 2027.

Although the government does not intend to change the policy aspects of the new regime, it asks for views on the drafting in the statutory instrument – including the proposed name "Consumer Composite Investment".  The deadline for comments was 10 January 2024.

The UK has continued to push forward its review of the UK funds regime during 2023 and this looks set to continue throughout 2024.  In addition to considering any impact from AIFMD II, closer to home, UK AIFMs will be anticipating the proposed consultation on amending the UK AIFMD regime which is expected during 2024.

Managers of authorised funds will be interested in the proposed consultation for non-UCITS retail schemes (NURS) which is also expected during 2024 as well as the proposals for PRIIPs and UK retail disclosures (see UK Retail Disclosure Regime above). 

In addition, the FCA has just launched a consultation with proposals to enhance the resilience of UK Money Market Funds (CP23/28: Updating the regime for Money Market Funds). 

Many UK asset managers will also have received, or will receive, a Smaller Asset Managers & Alternatives Business Model Questionnaire as the FCA seeks to understand better firms' business models and possible harms to consumers as part of its supervisory work on alternative asset management firms (which we originally discussed in 2022: FCA sets outs its alternatives supervisory strategy| Travers Smith).

We discuss some of the key developments below.

Review of UK funds regime

The FCA issued a Discussion Paper, DP23/2: Updating and improving the UK regime for asset management, in February 2023 which sought views on the current UK regulatory regime for funds and possible changes.

This was followed by a speech in October 2023 from Ashley Alder, Chair of the FCA, which provided some indication of which proposals would be taken forward by the FCA as a result of the feedback to the Discussion Paper:  Updating and improving the UK regime for asset management: our priorities.

The FCA's priorities for further action are:

• making the regime for alternative fund managers more proportionate;
  
  
• updating the regime for retail funds; and
  
  
• supporting technological innovation.

As regards the regime for alternative fund managers, the FCA has stated that it intends to consult on amending the AIFMD regime in 2024.  This consultation is expected to focus on making the regime for alternative fund managers more proportionate and tailored to the UK market.  This will inevitably result in the UK AIFMD regime diverging further from the EU AIFMD regime - in addition to the divergence resulting from EU AIFMD II, which the UK does not appear to be planning to replicate.

A particular focus of the proposed amendments is likely to be the distinction between full-scope, small authorised and small registered AIFMs with the FCA expressing a desire for a consistent set of rules across all managers of alternative funds.  This would be based on a proportionate regime taking into account the nature and scale of a firm’s business.  Although no specific details were provided in the speech, the FCA had previously suggested in the Discussion Paper measures such as changing the criteria for being considered a small AIFM (including criteria based on the AIFM's strategy or type of client) and possibly abolishing the small registered AIFMs regime.

The FCA is also considering modifying the rules which prevent full-scope AIFMs from carrying out other activities within the same legal entity.

In a second phase (likely to be in 2025), the FCA will also consider the regulatory reporting requirements including whether to ease some of the requirements requiring regulatory reporting when a fund is newly established, when there are any material changes to a fund, when there’s an acquisition or disposal of major holdings and in relation to the control of non-listed companies.

As regards updating the regime for retail funds, the FCA appears to have decided not to proceed with its suggestions to merge the UCITS and NURS regimes or to create a separate category of basic authorised fund with limited types of investments.  However, the FCA is considering how to simplify and clarify the rules applicable to NURS so that they are subject to a regime that is similar to the UCITS regime rather than the AIFMD rules.  This could also involve the rebranding of non-UCITS funds.  An initial consultation on this is expected in 2024.

The FCA also intends to carry out further work on tokenisation in the fund industry, which could ultimately lead to fully digitised funds (see Digital Securities Sandbox (DSS) and Similar Initiatives below), as well as the "Direct2Fund" model developed by the Investment Association which would permit investors to directly transact with an authorised fund when buying and selling units.

Reserved Investor Fund

HM Treasury and HMRC issued a Consultation on a proposed Reserved Investor Fund which would be a new type of tax-efficient fund which could possibly be a viable UK alternative to the Jersey property unit trust.

The Consultation proposed that it take the form of an unauthorised contractual scheme which would be both an AIF and a collective investment scheme and made available to professional investors, investors investing a minimum of £1 million and existing investors.

The Consultation closed on 9 June 2023 and no final proposals had been published as at the date of publication.

Repeal of ELTIF

The EU ELTIF Regulation came into force in the UK in 2015 and became part of UK law following Brexit. However, the ELTIF never gained any real traction in the UK and no UK ELTIF has ever been established.  Following the introduction of the Long-Term Asset Fund (LTAF) in 2021, a UK fund vehicle with similar objectives, the UK onshored ELTIF Regulation was repealed on 1 January 2024.

The LTAF has proved to be a relatively greater success with the first LTAF authorised in March 2023 and the scope of eligible investors extended during 2023 to include mass market retail investors and certain pension schemes.

PRIIPs and UCITS Disclosures

Pending the FCA's new rules on retail disclosures (see UK Retail Disclosure Regime above), it has issued a Statement on communications in relation to PRIIPs and UCITS seeking to address temporarily some identified concerns with retail costs and charges disclosures.

Due to the rigidity of the current disclosure requirements under the UK PRIIPs Regulation and the UCITS Key Investor Information Document (KIID) requirements, it was felt that certain charges were required to be included which did not accurately reflect the position of the fund and without the option for further information or an explanation to be provided.  This was particularly thought to be problematic for listed closed-ended funds which incur specific costs due to their corporate structure.

Therefore the FCA has introduced some temporary forbearance measures to the effect that where listed closed-ended funds and funds that invest in them (or manufacturers of such funds) consider the costs required to be disclosed do not appropriately reflect the ongoing costs, they can provide additional factual information.  This may include the breakdown of costs to put the aggregate number in context.  Although this may result in a technical breach of the requirements in respect of the UCITS KIID and the PRIIPs Key Information Document, the FCA confirmed that it would not take enforcement action for this.  This also extends to materials issued by MiFID firms that distribute PRIIPs or UCITS.  However, firms will still be required to consider their obligations under the Consumer Duty.

In a connected development, a private members’ bill (the Alternative Investment Fund Designation Bill) has been published with proposals for listed investment companies to be exempt from designation as an AIF.  This is on the basis that, under AIFMD, the reporting requirements do not distinguish between costs already accounted for within the share price and costs that are yet to be deducted from value.  It is not yet clear whether this is likely to progress further.

Private markets: risks of valuations – FCA focus in 2024

In September 2023 IOSCO published a final report: "Thematic Analysis: Emerging Risks in Private Finance" which, among a number of other risks, identified opaque valuations and vulnerabilities arising from valuations as being of particular concern in private markets. "Private finance" for IOSCO, includes private equity, venture capital and debt funds. Stale or inaccurate valuations are, IOSCO says, a potential threat to market integrity, impede price discovery and, as a result, may cause or exacerbate investor losses.

Later that month, newspaper reports – picking up on comments made by the FCA in its Annual Public Meeting and by CEO Nikhil Rathi when speaking to reporters – indicated that the regulator was in tune with the global concerns and was preparing to launch a "sweeping review" of valuations in private markets and that this exercise would start by the end of the year. As it happens, beyond the reports, no such review was publicly announced before the year-end. However, it is likely that, given its work to date, the FCA's thinking in this area is likely to be well-advanced and so it is unlikely that it will be long before the review is launched.

However, it is likely that, given its work to date in relation to authorised funds, the FCA's thinking in this area is likely to be well-advanced. In August 2023, the FCA had published the results of its multi-firm review on authorised fund managers' assessment of fund value which naturally focused on authorised fund managers and their assessment of value against the backdrop of the Collective Investment Schemes sourcebook.

The forthcoming review will necessarily look into how – in the context of comparatively less regulatory stipulation and inherently more opaque processes – data at fund and portfolio level is used to generate private fund valuations. The FCA will be continuing to work with IOSCO, FSB and other regulatory bodies in looking into data gaps and how valuations are carried out. The review will be a complementary part of a wider analysis of risks arising in the non-bank finance sector, including in relation to leverage.

Back in November 2021, the European Commission published two legislative proposals setting out various amendments to the MiFID II regime largely focused on its market access and data transparency provisions:

• MiFIR amending Regulation; and
  
  
• MiFID amending Directive.

In June 2023, following a lengthy process of negotiations, both the European Parliament and the Council issued press releases in which they announced that they had reached a provisional political agreement. The text of that provisional agreement became publicly available in October 2023, when the Council of the EU published notes from the General Secretariat to the Permanent Representatives Committee (COREPER), attached to which were the compromise texts:

• Final compromise text on Regulation amending MiFIR as regards enhancing data transparency, removing obstacles to the emergence of consolidated tapes, optimising the trading obligations and prohibiting receiving payments for forwarding client orders.
  
  
• Final compromise text on Directive amending MiFID II 

Of the two amending instruments, the Regulation amending MiFIR contains the bulk of the substantive changes, with the much shorter Directive amending MiFID II being largely restricted to only a handful of consequential amendments.

Some of the key changes are summarised below.

• Ban on payments for order flows
  
  
  • Payment for order flows (PFOF) – a practice which still persists in some EU jurisdictions through which brokers receive payments for forwarding client orders to certain trading platforms – will be banned with immediate effect: investment firms acting on behalf of retail clients will not be allowed to receive any fee or commission or non-monetary benefits from any third party for executing orders from those clients on a particular execution venue or for forwarding orders of those clients to any third party for execution on a particular execution venue.
    
    
  • However, there will be some transitional relief in respect of those member states in which PFOF already exists, whereby – provided the member state has notified ESMA - firms will be exempt from the immediate ban, provided that PFOF is restricted to clients in that relevant member state.  However, the exemption only lasts until 30 June 2026 so relevant member states will need to phase the practice out by then at the latest.
    
    
• Double volume cap
  
  
  • The current double volume cap mechanism – under which the reference price and negotiated price equity waivers are disapplied – will be simplified (indeed it will no longer be accurate to refer to it as a double volume cap).
    
    
  • Instead of the 4%/8% mechanism, trading venues will be required to suspend their use of the equity reference price waiver where the percentage of trading in a financial instrument in the EU carried out under that waiver exceeds 7% of the total volume of trading across the EU.
    
    
• Deferred publication – non-equity instruments – large in scale
  
  
  • Competent authorities will no longer have the broad discretion to authorise the deferred publication by market operators and investment firms of large in scale transactions in non-equity instruments (though they will retain the ability to defer publication of transactions in sovereign debt instruments).
    
    
  • Broadly speaking, the deferred publication arrangements will be subject to size category thresholds determined by ESMA (with different criteria for bonds, structured finance products or emission allowances and sovereign bonds). 
    
    
  • Deferred publication of derivatives will also be subject to objectively-determined size criteria.
    
    
• Making pre-trade data and post-trade data available on a reasonable commercial basis
  
  
  • Market operators and investment firms operating a trading venue are currently required to make pre-trade and post-trade data available to the public on a reasonable commercial basis and ensure non-discriminatory access to the information. In any event, such information must be made available free of charge 15 minutes after publication.
    
    
  • Going forward, the obligation will be expanded to also apply to APAs and CTPs and to require the provision of the information on a reasonable commercial basis "including unbiased and fair contractual terms" and to ensure "non-discriminatory access" to such information. ESMA will develop draft regulatory technical standards that will specify what constitutes "unbiased and fair contractual terms" and what constitutes "non-discriminatory access to data".
    
    
• Share trading obligation (STO)
  
  
  • While the Article 23 MiFIR share trading obligation is now history in the UK, thanks to FSMA 2023 (see below), it remains in place in the EU.
    
    
  • The MiFIR amending Regulation makes a number of amendments to the STO to clarify that it is restricted to shares which have an EEA International Securities Identification Number (ISIN) and which are traded on an EEA trading venue.
    
    
  • The exemption from the STO for trades that are non-systematic, ad-hoc, irregular and infrequent will be deleted.
    
    
  • A new exemption will be introduced for trades in shares that are traded on a third-country venue in the local currency or in a non-EEA currency.
    
    
• Derivatives trading obligation (DTO)
  
  
  • Article 28 of MiFIR will be amended to ensure that the DTO is aligned with the clearing obligation under EMIR (as amended by the EMIR Refit Regulation) to ensure that financial counterparties and non-financial counterparties that are subject to the clearing obligation under EMIR will be subject to the DTO in respect of a class of derivatives that has been declared subject to the trading obligation in accordance with the procedure set out in MiFIR.
    
    
  • Other amendments relate to ESMA's powers regarding the DTO (e.g. with regard to suspension of the obligation).
    
    
• EU-wide consolidated tape
  
  
  • It has long been talked about, and indeed MiFIR already contains detailed provisions allowing for it, but the agreed changes now include enhancements designed to turn the legislative theory of an EU-wide consolidated tape into a reality.
    
    
  • A single CTP for each relevant asset class will be selected by ESMA for a period of 5 years.
    
    
  • ESMA is required to develop draft technical standards to determine the standard forms, templates and procedures required for the selection process.
    
    
  • Each CTP will be an electronic system that will combine best bids and offers (EBBOs) with corresponding sales volumes from different exchanges.
    
    
  • The relevant CTP will disseminate this data in real time and will become a single reference price in each case for relevant assets (e.g. shares and exchange traded funds) across EU markets. 
    
    
  • CTPs will be subject to a set of amended organisational requirements.
    
    
  • In order to facilitate the CTP's central role, trading venues will be required to provide pre- and post-trade information to the relevant CTP as close to real time as is technically possible. 
    
    
  • By June 2026, ESMA will assess whether the consolidated tape has delivered on its aim to decrease information asymmetries between market participants. Based on that assessment, the Commission will review the framework and have the power to table a further legislative proposal.
    
    
• Open access regime
  
  
  • CCPs are currently required to clear financial instruments on a non-discriminatory and transparent basis, including as regards collateral requirements and fees relating to access, regardless of the trading venue on which a transaction is executed.
    
    
  • This open access requirement will no longer apply to exchange traded derivatives.

As discussed in last year's New Year Briefing, the EU legislative process to make changes to the EU CSDR has taken some time (the changes were proposed in 2022 and will not take effect until 17 January 2026) and involved more than one changes of direction. Nevertheless, Regulation (EU) 2023/2845 was published in the Official Journal immediately after Christmas 2023. 

The Regulation was prompted by, among other issues, the view that the passporting regime hindered the single market for CSD services, and that settlement fails (i.e. the failure of a trade to be settled successfully on its intended settlement date), while improved by the original EU CSDR, remained too high. The negotiations as to how to solve this latter problem have been extensive.

Settlement discipline

The legislative process for the CSDR Refit involved various discussions about the efficacy of introducing mandatory buy-ins to deal with settlement failure. The final position reached has been that mandatory buy-ins (the relevant provisions for which in the original EU CSDR have not become applicable) will be a measure of last resort. Moreover, they will only be implemented by way of a delegated act, and then only if both of the following conditions are satisfied at the same time:

• the application of other measures, such as cash penalties or the suspension of participants that consistently and systematically cause settlement fails, has not resulted in a long-term sustainable reduction in settlement fails in the EU; and 
  
  
• the level of settlement fails has or is likely to have a negative effect on the EU's financial stability.

ESMA is mandated to produce RTS on certain elements of the settlement discipline regime.

Passporting

The Regulation streamlines and simplifies the regime applicable to cross-border securities settlement (that is, services provided by a CSD in relation to an instrument constituted under the law of a different Member State).

Supervision

Cooperation between supervisors is to be enhanced, including by mandating the establishment of supervisory colleges (which while contemplated by the original EU CSDR had never been used) for CSDs whose activities are considered to be 'of substantial importance' (with RTS to be produced by ESMA to assist in that determination) in at least two Member States.

Third-country CSDs will be required to report activities in relation to instruments constituted under the law of a Member State, to deal with the concern that supervisors have insufficient information on the activities of third-country CSDs.

Banking-type ancillary services  

The Regulation makes it easier for CSDs that are not authorised to provide banking-type ancillary services to settle cash payments by accessing accounts either at credit institutions or at CSDs that do have banking authorisations, albeit subject to limits that will mitigate against the risk of this causing an unintended (and presumably risky) shift away from settlement in central bank money. This should allow CSDs which are not authorised to provide banking-type ancillary services to be able to settle in a wider range of currencies, improving cross-border provision.

During 2024, it is expected that the EU institutions will finalise the proposed third European Market Infrastructure Regulation (EMIR3) package (which includes a proposal on a related Directive).

The European Parliament (in the form of its Committee on Economic and Monetary Affairs) and European Council each adopted their respective negotiating positions late in Q4 2023. Most of the detail is outside the scope of this briefing, being rules applicable to clearing members rather than CCPs, but we would draw readers' attention to the very active debate that has taken place as to whether the legislation should introduce an active account requirement (that is, a requirement in certain circumstances for clearing members to maintain an active account with an EU CCP and carry out certain amounts of clearing of trades in the EU). While the Council continues to argue for a 'robust' active account requirement, it looks increasingly likely that it will be watered down or at least deferred or phased-in in some form.

It also appears highly likely, given the respective institutions' positions, that supervision of CCPs at EU level (by ESMA) will be strengthened, including with regard to third-country CCPs (a key public concern of EU policymakers in this area, given the relative volume of clearing that takes place outside the EU, such as in the UK).        

Sections 13-17 of FSMA 2023 empower HM Treasury to make secondary legislation to establish "FMI Sandboxes"; that is, venues to allow firms to test particular new technologies (including, but not limited to distributed ledger technology (DLT)) and practices, under a regime which can involve legislative modifications. These modifications can, depending on the outcome of the FMI Sandbox arrangements, be made permanent under regulations made by HM Treasury under section 15. The statutory scheme was covered in our briefing Financial Services and Markets Act 2023: Building a Smarter Regulatory Framework in the UK? | Travers Smith. Since then there has been a consultation and response by HM Treasury, and under the Financial Services and Markets Act 2023 (Digital Securities Sandbox) Regulations 2023 (the DSS Regulations), which are in force from 8 January 2024, the DSS will be the first of these FMI Sandboxes.

The DSS will enable firms to establish and run CSD activities (notary, securities settlement and/or securities account maintenance) or trading venues (multilateral and organised trading facilities), using digital asset technology and where doing so requires modification to certain existing legislation relevant to financial market infrastructures.

The DSS Regulations therefore specify the process by which a firm applies for and is accepted into the DSS; sets out regulators' powers to modify their own rules (and relevant technical standards) and supervise its operation. In addition, HM Treasury must prepare a report on the DSS by no later than 10 January 2028, which may include proposals for permanent legislative changes as a result of the progress of the DSS. The DSS is not intended to be permanent, and the DSS Regulations will expire on 8 January 2029.

The Schedule to the DSS Regulations sets out a dozen pages of often detailed legislative modifications to:

• UK CSDR;
  
  
• FSMA 2000;
  
  
• the Companies Act 2006; and
  
  
• the Uncertificated Securities Regulations 2001 (USRs).   

Modifications to UK CSDR and the USRs are particularly critical as both were designed to reflect, support and regulate systems and processes that were developed to operate in particular ways, and that pre-date the technology that the FMI Sandboxes hope to exploit.

The DSS Regulations do not themselves modify the Financial Markets and Insolvency (Settlement Finality) Regulations 1999 (SFRs) or the Financial Collateral Arrangements (No.2) Regulations 2003 (FCARs). Both the SFRs and FCARs are critical to the operation of certain FMIs and their participants and are difficult, if not impossible, to square in all situations with the emerging technologies contemplated by the FMI Sandbox project. Fortunately, HM Treasury's Response to the consultation noted that work on reforms to both pieces of legislation are being progressed in parallel to the DSS.

It was reported in December 2023 that approximately 20 firms had already expressed interest in participating in the DSS.

In addition, while not directly part of the FMI Sandboxes project, multiple working groups are examining connected issues, including:

Fund tokenisation

There is no regulatory definition of fund tokenisation, but the FCA considers it to refer to "representing or turning an investor’s share or unit in a collective investment scheme (or ‘fund’) into a digital token recorded on a smart contract-enabled blockchain". Doing so could offer a range of potential benefits, such as efficiency of settlement and transparency.

The FCA and HM Treasury are observers on an industry-led Technology Working Group of the Asset Management Taskforce. This Working Group issued UK Fund Tokenisation - A Blueprint for Implementation in November 2023, concluding that the regulatory environment contains no insurmountable barriers to the use of fund tokenisation, and proposed a "baseline approach" to implementation. In response, the FCA published a letter to Technology Working Group.

This, while supportive, made clear that at present the FCA's appetite as of today is limited to the "baseline approach" (for example, the FCA do not appear to be ready at present to allow fund tokenisation to be coupled with settlement in innovative forms of digital money).

We would also note that the views on the application of FCA rules to fund tokenisation are distinct from purely legal questions about how to implement the practice (such as questions relating to governing law). These will continue to require very careful and nuanced legal analysis.

Accelerated settlement

In December 2022, HM Treasury established the Accelerated Settlement Taskforce to examine the issues associated with shortening the securities settlement cycle from its current standard of 'T+2' (i.e. trades are settled two days after the trade date).

The US is expected to move (in many cases, including US cash equities) to a T+1 standard in May 2024, and in October 2023, ESMA published a Call for evidence on the shortening of the settlement cycle. This closed on 15 December 2023.

It is clear that any change in the UK and/or EU will take some time to deliver from an operational perspective. Many advocates of the use of DLT in securities settlement consider DLT or similar technologies to be potentially key to achieve T+0 (settlement on the trade date, perhaps even instantly). 

We anticipate the publication of the UK Accelerated Settlement Taskforce's substantive report in Q1 2024.

As detailed in our briefing Financial Services and Markets Act 2023: Building a Smarter Regulatory Framework in the UK? | Travers Smith, FSMA 2023 made a number of (post-Brexit) changes to the way in which the Bank of England is to supervise CSDs and CCPs, given that the UK is no longer subject to the relevant harmonised EU regimes.

FMI Committee

FMI supervision has previously been overseen by an "FMI Board" at the Bank of England. This is replaced with a statutory FMI Committee. Terms of Reference and details of its membership will be published soon. It will be chaired by Sarah Breeden, since 1 October 2023 the Deputy Governor for Financial Stability.

Statutory objectives and matters to which the Bank of England must have regard

The Bank of England's primary objective when supervising CSDs and CCPs will remain its financial stability objective, but FSMA 2023 adds a secondary objective to act in a way which facilitates innovation in the provision of FMI services.

In addition, when pursuing its objectives, the Bank of England must have regard to:

• the same specified regulatory principles as apply to the FCA and PRA (such as proportionality, transparency and the desirability of sustainable UK growth);
  
  
• the effect its regulation could have on the financial stability of other countries in which a CCP or CSD is established or operating; and
  
  
• the desirability of regulating CCPs and CSDs in a way that is not determined by whether their users are in the UK or not.

Cost-benefit analyses and accountability measures

FSMA 2023 imposes various requirements relating to conducting cost-benefit analyses when exercising its new rulemaking powers (on which see further below). The Bank of England intends to consult on its approach to cost-benefit analyses in due course.

In addition, FSMA 2023 ensured that accountability and oversight of the Bank of England when regulating CCPs and CSDs are aligned to the way in which the PRA and FCA are overseen, especially with regard to transparency on responses to consultations and parliamentary committee oversight (although on the latter, even before FSMA 2023 gained Royal Assent, the Treasury Select Committee have already subjected senior officials at the Bank of England, including Sarah Breeden, to several tough committee hearings).

General rulemaking power and broader supervisory tools

At present, much of the statutory framework for CCPs and CSDs is assimilated law, particularly UK EMIR and UK CSDR (although it is important to note that this is not completely exhaustive).

As with post-Brexit reform of financial services law more broadly, FSMA 2023 empowers the Bank of England to make rules in pursuit of its objectives. This work is expected to start with a focus on UK EMIR (so particularly relevant to CCPs).

In addition, on 21 December 2023 the Bank of England published a Consultation on the notification aspects of its broader powers to issue requirements to recognised CSDs, UK CCPs and systemic third country CCPs, pursuant to which those FMIs must take or refrain from taking a particular action.

The consultation includes a draft statement of policy and is procedural in its focus. In particular, it seeks views on how the process can avoid statutory notices causing an undue burden on in-scope FMIs. 

The consultation is open until 21 March 2024.

Enhanced CCP resolution regime and prudential supervisory powers

Section 57 and Schedule 11 of FSMA 2023 establish a wholly new special resolution regime for CCPs, with the Bank of England as resolution authority. The regime is focussed on financial stability. The Bank of England will consider how the stability of the wider financial system (including clearing members and potentially their clients) might be impacted by the CCP's recovery actions when considering if the resolution regime should be invoked. Creditors could be entitled to claim compensation if resolution were to lead to greater losses than they would have suffered in recovery followed by the CCP's insolvency.

The Bank of England also conducted a Consultation on its new powers to prevent or limit certain discretionary payments to employees or shareholders, such as dividends, bonuses, and share buybacks. This power is triggered where the Bank of England considers it to be necessary or desirable for financial stability or the continuity of critical clearing services, the CCP is not in resolution, and at least one of the following four (potentially overlapping) conditions is met:

• Condition I: There is or is likely soon to be a significant deterioration in the CCP’s financial situation. 
  
  
• Condition II: There is a material risk of a threat to the CCP’s ability to maintain critical clearing services. 
  
  
• Condition III: There is a risk of a significant disruption to the operation of the CCP. 
  
  
• Condition IV: The operation of the CCP poses a risk to UK financial stability.    

This consultation closed in November 2023 and the Bank of England expects to publish the policy statement in 2024.             

The FCA published CP23/27: Reforming the commodity derivatives regulatory framework | FCA in December 2023, with comments due by 16 February 2024.

Building on earlier work in the Wholesale Markets Review, accounting for the IOSCO Principles for the Regulation and Supervision of Commodity Derivatives Markets, and flowing from the conclusion that the MiFID II position limits regime is too broad, this responds to the revocation by FSMA 2023 of the requirement that position limits be applied to all commodity derivatives traded on a trading venue and to economically equivalent OTC contracts. The FCA now has the power to establish the regime itself. In addition, changes to the Perimeter Guidance (PERG) are proposed to align with legislative changes to the ancillary activities test.

Changes are proposed to MAR, DEPP, REC, PERG, (plus necessary changes to the Glossary and the Enforcement Guidance), and cover five areas:

Setting position limits

The core aspect of the proposals, which will be of most interest to trading venues, is the intention to increase flexibility (and by extension, improve resilience to volatility) by transferring the principal responsibility for setting position limits to the trading venues, while setting out the FCA's expectations as to how to go about doing so, and retaining the power to intervene and set the position limits itself.

Applying position limits only to certain commodity derivatives contracts

The FCA proposes that position limits are set for 'critical contracts' (those for which disorderly trading would have the greatest impact on trading in this market) and contracts that are sufficiently related to these critical contracts. The FCA intends to maintain a list of critical contracts for which position limits will need to be set, and the Consultation Paper sets out the proposed list in Chapter 3.

New additions to the list will generally be commodity derivatives that are at risk of market abuse and disorderly trading conditions, for example, physically delivered contracts which could be subject to disorderly market conditions at times where the deliverable supply is low, but open interest in the underlying commodity is very high.

Related contracts will include those that derive their settlement price from the settlement price of a critical contract (either directly or indirectly), and those that can result in a position or delivery obligation in the critical contract or another of its related contracts. 

Enhanced position management controls and reporting

Trading venues will be expected to operate better oversight and surveillance arrangements, including accountability thresholds and information on which positions their members and clients hold regarding OTC trades.

Exemptions from position limits

The FCA proposes new exemptions for liquidity providers and for financial firms dealing with non-financial firms hedging risks that arise from their commercial activities. They also propose to strengthen the rules that govern the arrangements operated by trading venues to satisfy themselves that the exemptions are not inconsistent with orderly markets.

Ancillary activities test

New guidance in PERG has been proposed on what constitutes an ancillary activity, following legislative changes in 2023 post-Brexit. This is relevant to firms relying on an exemption from authorisation (the ancillary activities exemption, or AAE). Firms had expressed to the FCA a preference for a quantitative test to deliver certainty, rather than having to conduct a (potentially) less objective assessment as to whether an activity was 'ancillary' to the main business.

The FCA proposes a two-pronged approach:

• Providing guidance on the FCA's view of the meaning of 'ancillary', being "related but subordinate" to the main business.
  
  
• Confirming that firms can use the quantitative tests set out in EU law when carrying out the assessment. 

Alongside the Autumn Statement, HM Treasury published the Future_of_Payments_Review_report, the output of a project chaired by Joe Garner (formerly of Nationwide Building Society). The review focussed on "retail payment journeys" (those used by consumers and small businesses), conducted and delivered its work at pace (July-November 2023) and sought views on three questions:

• What are the most important consumer retail payment journeys both today and in the next five years?
  
  
• For these journeys today, how does the UK consumer experience for individuals and businesses compare vs other leading countries?
  
  
• Looking at the in-flight plans and initiatives across the payments landscape, how likely are they to deliver world leading payment journeys for UK consumers?

At the time of the launch, there was some sentiment that this could lead to a rather anodyne output (given that HM Treasury and the FCA are already looking to overhaul the current legislative framework for payments), but in fact the report is a significant piece of work, incorporating interesting global insights. It makes a total of 11 recommendations (albeit adopting a somewhat idiosyncratic numbering approach):

• The 'primary' recommendation is for the Government to publish a "National Payments Vision and Strategy", which would "provide more central, highest level forward-looking direction" to the payments sector. The report argues that the priority for such a national plan should be to simplify the current landscape in terms of projects in-flight (the report correctly identifies that "the roadmap is congested with multiple major initiatives", and also quotes the FCA Consumer Panel's description of a "plethora of disjointed initiatives currently underway").
  
  
• Recommendation 1: Move from detailed technical standards (usually derived from EU antecedents) to outcomes-based FCA rules and/or guidance for in-person payments.
  
  
• Recommendation 2: Make the same change for online payments, particularly in the field of strong customer authentication (SCA).
  
  
• Recommendation 3: HM Treasury and the FCA to assess regularly whether digital exclusion is leading to financial exclusion.
  
  
• Recommendation 4: Open Banking payments to be enhanced with a minimum form of dispute resolution for users.
  
  
• Recommendation 5: Open Banking to be leveraged to improve the person-to-person bank transfer journey (an area where other countries are seen to have 'overtaken' the UK).
  
  
• Recommendation 6: An Open Banking alternative is developed to card schemes, with a view to giving merchants more choice (there is an associated ask that the Payment Systems Regulator (PSR) complete its work on scheme fees).
  
  
• Recommendation 7: The Government and Joint Regulatory Oversight Committee (JROC) prioritise agreeing a commercial model for Open Banking to encourage investment in infrastructure and consumer protection.
  
  
• Recommendation 8: The PSR to review the new APP fraud rules (see our entry on APP fraud reimbursement) after 12 months, and the Government to consider a more ambitious fraud reduction target, prioritising the prevention of fraud, rather than its remediation.  
       
• Recommendation 9: HM Treasury and regulators to review whether the way current legal requirements apply to fintechs (particularly at start-up and tscale-up stage) is clear and appropriate.
  
  
• Recommendation 10: HM Treasury and regulators to aim to reduce the "regulatory initiatives impacting firms by an aspirational ambition of 10%". This is to be achieved through better alignment of regulatory activity, using updated remit letters, enhancements to the existing Memorandum of Understanding between regulators, and cross-pollination at board level.

The final recommendation's apparent aim of a "10%" reduction in regulatory impact will doubtless be welcomed by firms facing an avalanche of regulatory developments (and, as the report describes, a remarkably densely-populated array of regulators and standard-setters), but quite how that is to be quantified, let alone achieved, is not clear, which the report acknowledges. For example, we know that the FCA is reviewing the statutory regime on safeguarding. It is surely unthinkable that the regime will be removed entirely, and improbable even that the requirements will be relaxed materially. However, clarification where the requirements are opaque and/or challenging in practice would be widely welcomed, but it is not obvious to us that it would necessarily contribute to the "10%" target.       

Critically, the Autumn Statement included the acceptance of the "core recommendations" (without specifying precisely which recommendations were not "core"):

• Taking forward the primary recommendation, a National Payments Vision will be published in 2024. This is highly likely to mean that all payments firms (including those potentially coming inside the Bank of England's perimeter for the first time, see our entry on changes to the Banking Act 2009 below) will need to reconsider their strategic and regulatory pipelines once that is published. Work on the National Payments Vision will include a consideration of the New Payments Architecture. 
  
  
• Recommendations 1 and 2 on making the requirements outcomes-focussed were accepted. This will presumably be positioned as a Brexit benefit. Slightly curiously, the Statement specifically commits the FCA to a consideration of contactless limits. While the report suggests some scope for "optimisation" of contactless limits, there seem to be considerably more pressing areas within the legislative framework, especially the detail of SCA (indeed the Payment Services Regulations 2017 (PSRs) include very few provisions that even touch on contactless limits at all).  
  
  
• The Government will legislate in 2024 to support the unlocking of Open Banking payments. This will apparently expand mandatory Open Banking beyond the CMA9, support a commercial model and ensure consumer protection. Precisely what that looks like and when it is delivered remains to be seen – and potentially impacts the work being done by JROC and the PSR on Open Banking, on which see our following entry.

Even before the Future of Payments Review and the Autumn Statement (see our previous entry), work was underway by the Joint Regulatory Oversight Committee (JROC) and the PSR on progressing Open Banking. 2023 saw a series of publications setting out proposals on the future development of Open Banking, including the Strategic Working Group Report The Future Development of Open Banking in the UK Feb 2023, that diplomatically noted a lack of consensus among market participants on how the potential of Open Banking could be realised. This was followed by the Recommendations for the next phase of open banking in the UK, a comprehensive set of 29 recommendations by JROC (i.e. the FCA and PSR working together), arranged into six themes:

• Finalising the design of the "future entity" (explored in more detail below)
  
  
• Levelling up availability and performance
  
  
• Mitigating the risks of financial crime
  
  
• Ensuring effective consumer protection if something goes wrong
  
  
• Improving information flows to third party providers (TPPs) and end users
  
  
• Promoting additional services, using non-sweeping variable recurring payments (VRPs) as Phase 1

The first of these is a core deliverable. At present, the existing Open Banking framework is essentially a competition law regime, mandated by the Competition and Markets Authority (CMA). It applies to the so-called "CMA9" (broadly, the nine main providers of current accounts), and with various central functions being fulfilled by the Open Banking Implementation Entity (OBIE), which is funded by the CMA9. It is accepted that the current structure, governance and funding of the OBIE is not suitable to deliver the next stages of Open Banking across the market. More news on progress of the design of the "future entity" is expected imminently in 2024, as the transition is expected to start before the end of June (subject to the CMA's consent).

In December, JROC published an update on progress, JROC_Q4_Statement_on_Progress_Update_Dec_2023, which set out the actions that had been completed and those still open:

Finalising the design of the future entity

Completed actions:

·       Establish alternative governance arrangements for non-Order activities for the OBIE

·       Develop a market-pricing framework for non-Order functionality

Open actions (target dates):

• Finalise the design of the structure, governance and funding of the future entity (Q1 2024)
  
  
• Commence the transition to the future entity (Q2 2024)

Levelling up availability and performance

Completed actions:

• Design a data collection framework for API availability and performance and submit to the FCA and PSR for approval

Open actions (target dates):

• Conduct data collection and analyse data following FCA and PSR approval (Q4 2023, so this should have been completed by the date of publication of this Briefing)
  
  
• Consult, if needed, on changes requiring reporting additional data for API availability and performance (Q2 2024)

Mitigating the risks of financial crime

Completed actions:

• Assess conformance with the FCA's existing guidance in relation to payment limits

Open actions (target dates):

• Design a data collection framework for financial crime and submit to the FCA and PSR for approval (Q3 2023; i.e. arguably behind schedule)
  
  
• Conduct the financial crime data collection and analyse data following FCA and PSR approval (Q4 2023)
  
  
• Implement the use of Open Banking-based data sharing in Faster Payments to reduce fraud (Q4 2023)
  
  
• Implement effective financial crime prevention tools for TPPs and account servicing payment service providers (ASPSPs) (Q1 2024)
  
  
• Consider how API-based data sharing can be broadened out beyond authorised push payment (APP) fraud and report findings to FCA and PSR (Q1 2024)
  
  
• Consult, if needed, on mandating data sharing, the use of financial crime prevention tools (including data sharing) and/or additional tools or requirements for high-value payments (Q2 2024)

Ensuring effective consumer protection if something goes wrong

Completed actions:

• Perform a gap analysis of dispute processes

Open actions (target dates):

• Consult, if necessary, on additional dispute process or protection requirements (Q2 2024)

Improving information flows to TPPs and end users

Completed actions:

• Perform a gap analysis of consistent and definitive payment statuses in Faster Payments and Open Banking

Open actions (target dates):

• Consult, if needed, on changes to error code requirements (Q4 2023)
  
  
• Consider whether further alignment between Open Banking and Faster Payments error messages is needed (Q4 2023)
  
  
• Implement recommendations identified in the gap analysis (Q2 2024, strictly speaking a new requirement)
  
  
• Consult, if needed, on whether to require consistent and definitive messaging regarding payment status (Q2 2024)

Promoting additional services, using non-sweeping VRPs as a pilot

Completed actions:

• Publish terms of reference for a working group on expanding VRPs beyond sweeping use cases
  
  
• Publish a discussion paper on principles for commercial frameworks for premium APIs
  
  
• Draft a delivery plan and framework to enable a phased rollout of non-sweeping VRPs (discussed further below)

Open actions (target dates):

• Consult, if necessary, on changes to Faster Payments to enable a phased rollout of non-sweeping VRPs (Q4 2023 – as is discussed below, some consultation has commenced but it is clear there is much more to follow)
  
  
• Conduct consumer research to identify critical and future use cases and risks for consumers, including those with vulnerabilities (Q4 2023)
  
  
• Consult, if needed, on requirements to support non-sweeping VRP rollout and/or on whether to adopt a wider multilateral agreement for premium APIs (Q2 2024)
  
  
• Implement a multilateral agreement or rulebook for premium APIs (Q4 2025)
  
  
• Support testing of innovative data sharing, authentication and identification propositions (no specific date)

The eagle-eyed reader will notice two things: first, there are considerably more open than completed actions, and secondly, that there are at least seven actions potentially requiring PSR and/or FCA consultations over 2024.

On that topic, there is one consultation paper already live. Responses to CP23/12 VRP Expanding variable recurring payments, on the initial proposals for progressing non-sweeping VRPs, are sought by 2 February 2024.

For those unfamiliar with the topic, VRPs can be used (as a minimum) to deliver similar outcomes to direct debits, by enabling customers to authorise a series of transactions of potentially differing values (and potentially varying frequency) from their accounts. This is done by securely connecting payment initiation service providers (PISPs) to their accounts using Open Banking. The initial (competition-driven) roadmap for Open Banking included the CMA mandating the CMA9 to enable VRPs between accounts owned by the same person. For example, moving positive balances in a current account into an interest-bearing savings account (including one held with another provider), without the customer having to remember to do that herself. This is referred to as "sweeping".

It should also be apparent that VRPs have potential uses in many different areas. To that end, as shown above, non-sweeping VRPs (sometimes referred to as commercial VRPs, or cVRPs) will be a key area of focus in 2024. The technology supporting cVRPs already exists, but as they are not mandated by the CMA there are a range of obstacles to introduction and adoption. For example, ASPSPs are permitted to charge PISPs to connect to the customer's account.

Alongside the publication of a VRP Blueprint of the VRP Working Group, concentrating on cVRPs, the PSR confirmed in CP23/12 its decision that "phase 1" will focus on payees in three sectors (referred to by the PSR as "billers"):

• Regulated financial services;
  
  
• Regulated utilities; and
  
  
• Central and local government.

Bearing in mind the wider need to establish a stronger consumer protection framework, these were identified as being low-risk and therefore suitable for a pilot. There has been a degree of disappointment that the PSR and VRP Working Group are not moving more quickly on use cases such as "e-commerce" (clearly a potentially very wide use case), but in reality the PSR considers that it needs to proceed with a degree of caution for now. As discussed in our previous entry on the Future of Payments Review, the Government's intention to legislate to accelerate Open Banking may have the effect of turbo-charging this workstream.

On pricing, the PSR reinforced the importance of the principles they published in June 2023, and stated that phase 1 prices should:

• broadly reflect relevant long-run costs;
  
  
• incentivise investment and innovation;
  
  
• promote adoption and encourage network effects (i.e. as the PSR puts it "the benefit of a service increases the more people can use it");
  
  
• treat TPPs fairly; and
  
  
• be transparent and straightforward.

The PSR does not intend to intervene on prices charged to billers, given the existing competitive pressures.

The PSR therefore makes three key proposals, which are explored in more detail below:

• an all-encompassing multilateral agreement (MLA);
  
  
• the compulsory participation of the CMA9; and
  
  
• preventing any charges being levied on PISPs by sending firms (the term used by the PSR in place of ASPSPs in this context).

Once the PSR has analysed the feedback and made its decision on how to proceed, we expect a more detailed consultation on the text of a Direction.

The MLA will "regulate by contract" phase 1 cVRPs, to which TPPs and ASPSPs involved in executing cVRPs will become party. This will, as a minimum, set out required functionality, pricing, dispute resolution and liability arrangements. The PSR's rationale is that "leaving it" to the ecosystem to construct a Byzantine web of bilateral agreements is inefficient, slow and not scalable.

The PSR also proposes that Pay.UK operate the MLA for phase 1, given its current critical role as the operator of Bacs, Faster Payments, and the Image Clearing System. It is interesting that the PSR expressly decided against proposing that OBIE be given this responsibility on the basis of its current capability and capacity, while saying nothing about the fact that – as discussed above – OBIE is itself also facing a complex and critical transition towards the future entity. The PSR is also almost certainly correct that an entirely new third party operator would have neither the industry standing nor the time to become the operator of the MLA in a manner consistent with the current ambitions.

Network effects are expressly recognised in the pricing principles as important to the success of cVRPs. This concept is also driving the PSR's view on participation by large ASPSPs, and the PSR therefore proposes that the CMA9 be required to participate in the MLA. This will have the immediate effect of creating a large pool of customers whose accounts will support phase 1 cVRPs. As the PSR rather gently notes: "without strong financial incentives too few ASPSPs would voluntarily offer the required functionality". A wide pool of potential customers is expected to encourage billers to accept cVRPs. 

Accompanying the discussion about the scope of mandatory participation sits an even more radical proposed regulatory intervention on pricing. Having initially stated that it is not minded to seek to regulate the prices charged to billers to be able to accept cVRPs, the PSR nevertheless starts from the premise that billers will only adopt the service if it makes financial sense for them – and suggests this requires the PSR to intervene at the level of the charges levied on PISPs by sending firms (i.e. ASPSPs). The PSR argues that sending firms may have a "bottleneck monopoly" because PISPs have no control over the identity of the sending firm with which their end user has chosen to have a current account (or equivalent). In addition, as most major sending firms (being banks) will also be card issuers, there is a risk (as the PSR sees it) that sending firms will "default to" charging at or above the card interchange fee, in order, in effect, to replace that income with income from cVRPs. The PSR also notes that scaling cVRPs is likely to reduce the number of direct debits set up on current accounts, which are not currently directly remunerated.

Having argued in favour of regulatory intervention, the PSR concludes that the material driver of sending firms' costs for cVRPs is the fee sending firms are themselves charged by Pay.UK to send the payment via the Faster Payments Service. The PSR appears open to arguments that that charge could be passed through, ultimately to the biller (presumably), but obviously prefers the alternative approach of removing that individual charge entirely and consequentially setting the price that sending firms can charge PISPs at zero. The PSR acknowledges that this will have a commercial impact on Pay.UK and seems to accept that Pay.UK will need to examine how to respond to the loss of that revenue.     

The PSR issued a series of consultations throughout 2023 constructing its new regime (apparently the first of its kind in the world) requiring reimbursement of APP scams. Payments specialists will know that the liability regime for unauthorised fraudulent transactions has been in place since the implementation of the first Payment Services Directive (PSD) in November 2009, but APP frauds sit outside that regime because, by definition, they involve the payer correctly authorising the transaction. The fraud generally lies in either "malicious payee" activity (for example, the purported sale of goods which the payee never delivers), or "misdirection" (the payer being persuaded to make an otherwise routine payment to an account controlled by the fraudster – internal frauds within expenses departments in businesses being an example).

The PSR considers that consumer protection requires changing the regulatory framework, and that doing so will incentivise PSPs to detect and prevent fraud at an earlier stage. 

After considerable debate about scope, timings and the nuances of some of the requirements, the PSR published PS23/4 Fighting authorised push payment scams: final decision, setting out the final elements and confirming the timelines shortly before Christmas 2023.

Legal instruments

In a somewhat unusual move (demonstrated by the fact that the PSR will be exercising its statutory power under section 55 of the Financial Services (Banking Reform) Act 2013 (FSBRA) for the first time), the regime will be implemented in the main by embedding it directly into the rules of the Faster Payments Scheme, overseen by Pay.UK. The PSR intends Pay.UK to take on a broader role overseeing attempts to fight APP frauds with greater responsibility for standard-setting and policy.

To that end, the PSR has promulgated three legal instruments:

• Specific Requirement 1 (SR1): this requirement mandates that Pay.UK change the rules of the Faster Payments Scheme to incorporate the details of the reimbursement requirements.
  
  
• Specific Direction 19 (SD19): this direction to Pay.UK requires Pay.UK to design and establish a framework under which it will monitor, enforce and report on compliance by PSPs with the rules introduced under SR1.
  
  
• Specific Direction 20 (SD20): this direction applies to in-scope PSPs, and directs them to comply with the rules introduced under SR1. What might look like something of a 'belt and braces' approach is in fact needed both to ensure that PSPs that are not direct members of the Faster Payments Scheme are appropriately covered, and to reinforce the PSR's regulatory toolkit.

Timing

As will be explored in the discussion of the specific rules below, the new requirements will have a very significant impact on PSPs, and there was forceful opposition among the industry to the original go-live date of 2 April 2024, on the basis that it was simply unachievable. On the other hand, the PSR clearly wants the industry to deliver at pace, and consumer groups were unimpressed by attempts to delay. 

The result is that the key milestones for 2024 will now be:

• 31 March 2024: Indirect access providers (IAPs, which allow non-members of the Faster Payments Scheme to participate indirectly) must give the PSR a list of the indirect PSPs to which they provide access. By the end of every calendar month thereafter, they must also update the PSR if that list changes, and will then submit a full list once a year, by the end of March.
  
  
• 5 April 2024: Pay.UK to submit the compliance monitoring proposals required by SD19 to the PSR for its approval.
  
  
• 7 June 2024: (Following approval by the PSR) Pay.UK to publish the compliance monitoring policy.
  
  
• 7 June 2024: Pay.UK to publish finalised Faster Payments Scheme rules.
  
  
• 7 October 2024: Requirements become effective. Payments made in response to an APP fraud on or after that date will be covered by the reimbursement requirements.

The stated intention is that the Bank of England will implement a similar change to the rules of CHAPS, and that, in the absence of a good reason, the PSR will issue a Specific Direction which will mirror, among CHAPS participants, the effect of SD20. Consultation on this activity is expected in Q1 2024.

Scope

The requirements will apply to a payment meeting the following criteria:

• It is executed through the Faster Payments Scheme.
  
  
• It is authorised by a PSP’s consumer (which includes micro-enterprises so is not strictly limited to true consumers).
  
  
• It is executed by that PSP in the UK.
  
  
• The payment is received in a relevant account in the UK that is not controlled by the consumer.
  
  
• The payment is not to the recipient the consumer intended or is not for the purpose the consumer intended.

(As an observation, the third and fourth limbs mean that these requirements would not have made any difference to the outcome of the dispute in 2023's widely-covered case of Philipp v Barclays Bank UK PLC, as the destination accounts in that case were outside the UK. In fact, the claim in that case would also have exceeded the maximum mandatory reimbursement cap, described below.)

Customer standard of caution

Unless the customer is "vulnerable" (defined to align with the FCA's definition and therefore well-known to firms having completed their Consumer Duty implementation projects), the reimbursement requirements will not apply where the customer has failed to comply with the "customer standard of caution". 

Those involved in the implementation of, or compliance with, the unauthorised transactions regime in the PSRs will know that PSPs' liability for those transactions is subject to the customer not acting with "gross negligence", and the consequential debate as to what that means in edge cases. For example, is having a PIN number consisting of the same digit repeated four times "grossly negligent" or simply not very sensible? This has been an extension of that debate, but we suspect will not settle it for good.

The PSR has now published the Consumer Standard of Caution Exception and associated Consumer Standard of Caution Guidance on the customer standard of caution, and has chosen to narrow it to specific areas and activities. It has four elements. In order to be "reimbursable", the PSPs are entitled to expect that the customer should:

• have regard to any intervention (i.e. a specific and tailored warning) made by their sending PSP and/or by the police;
  
  
• upon learning or suspecting that they have fallen victim to an APP scam, report the claim promptly to their sending PSP and, in any event, not more than 13 months after the date on which the last payment forming part of that claim was executed;
  
  
• respond to any reasonable and proportionate requests for information made by their sending PSP under the 'stop the clock' provision (see below); and
  
  
• after making an FPS APP scam claim, consent to the PSP reporting to the police on the consumer’s behalf or request they report directly the details of an APP scam to the police.

It is critical to understand that failure to behave in conformance with those points will not automatically lead to rejection of the claim; rather, it is then for the PSP to show that the customer's 'default' was the result of their gross negligence – meaning that the concept remains central to liability. The Policy Statement does say that it requires "a significant degree of carelessness", and the Guidance attempts to provide practical help to PSPs. One area where we anticipate disagreements is the element of the standard demanding "prompt" notification of a claim.

Maximum level of reimbursement

Perhaps surprisingly, the PSR accepted the principle that there should be a maximum cap on PSPs' liability. More controversially (certainly among smaller PSPs), this has been set at £415,000, which is the upper limit to an award by the FOS. Setting it at this level, rather than the £85,000 or even £30,000 proposed by some firms, mean that very few APP fraud claims will be excluded by the application of this cap. Some firms, for example, maintain restrictions which mean that they do not execute payments of that level through the Faster Payments Scheme. 

The PSR will continue to monitor high-value frauds throughout 2024 and may even revisit this policy decision. 

Maximum excess

At the other end of the value spectrum, sending PSPs will be allowed to impose an "excess" of £100, except where the claimant is vulnerable. 

This would have the practical effect that the reimbursement requirement would not apply to claims below £100, and reimbursement could have £100 deducted.

Time limit for PSPs to reimburse the customer

The PSP must refund the customer no later than five business days after receiving the claim, subject to its ability to 'stop the clock', which it can do by asking questions as follows:

• to gather information from the victim(s) (or their agent) or the receiving PSP to assess whether the claim is covered;
  
  
• to verify that a claims management company is submitting a legitimate claim – for  example, validating that the victim has authorised the company to submit a claim;
  
  
• to gather additional information from a victim to assess their vulnerability;
  
  
• in cases where the sending PSP has evidence of fraud on the part of the person who made the FPS APP scam claim, to gather additional information from the receiving PSP, law enforcement or other relevant parties; or
  
  
• for multi-step scams, to gather additional information from the other PSPs involved.

There is, however, an overall longstop of 35 business days in which to decide whether or not to refund. 

Allocation of liability

One of the major regulatory innovations originated by the PSR is the way financial liability for the requirements is allocated. In order to incentivise all firms to prevent fraud in the first place, once the sending firm has reimbursed the customer, both the sending and the receiving firm will bear the costs on a 50:50 basis (and firms will also share the benefit of being able to "repatriate" any of the stolen funds).

Other activity

APP fraud is being attacked on a variety of other fronts. Certain directed firms will start publishing data relating to APP scams in a prescribed format, and the FCA continues to press firms to improve their approach, particularly in the light of the Consumer Duty. 

Although the timeline is uncertain, HM Treasury confirmed in August in the Payments Regulation and the Systemic Perimeter - Consultation Response that the policy intention is to amend Part 5 of the Banking Act 2009 (BA2009) to change the perimeter of the Bank of England's supervision regime.

Under the current regime, Vocalink is a "specified service provider" (indeed, at present the only supplier so specified), because it provides IT infrastructure that underpins the retail payment systems operated and managed by Pay.UK, as well doing the same for LINK (the ATM network): the regulatory trigger is the connection between the provider and a recognised payment systems operator. 

HM Treasury has concluded that the changing nature of the payments ecosystem means that this approach to the perimeter is no longer fit for purpose. Instead, HM Treasury will be empowered to recognise systemically important service providers to the payments ecosystem more broadly; removing the need for a link with a recognised payment systems operator. At the same time, Part 5 will be narrowed in a different way, expressly excluding critical third parties (CTPs) where these are not suppliers to the payments ecosystem. This is as a result of the new CTP regime introduced by FSMA 2023, which is covered above.

Alongside this change, the Bank's powers and tools to regulated systemic risk in payments will be widened and clarified, as well as being made subject to the new accountability framework established in FSMA 2023. 

In addition, HM Treasury has (undoubtedly correctly) concluded that there is no longer a need for the PSR to oversee two parallel and slightly different statutory frameworks for access to payment systems, one in FSBRA and one in the PSRs. The stated policy is to revoke the PSRs provisions, while also "enhancing" the PSR's regulatory toolkit in FSBRA.

In practical terms, we would not expect this to create any problems or gaps (and indeed this was part of the rationale for the change). However, as with the accompanying changes to the BA2009 described above, it is difficult to draw solid conclusions until the publication of the legislation itself.

The final version of MiCA was published in the Official Journal in May 2023 (Regulation (EU) 2023/1114). The detail of the legislation was covered at length in last year's New Year Briefing, but by way of a brief reminder, MiCA sets out requirements in four areas:

• The offering and placing on the market of cryptoassets other than asset-referenced tokens (ARTs; this will include many fiat-referencing stablecoins) and e-money tokens (EMTs).
  
  
• A broader and more fulsome set of requirements for ARTs and EMTs (which includes the offer of such tokens). Issuers of ARTs and EMTs that are deemed to be "significant" are subject to EBA supervision and more stringent rules.
  
  
• Rules relating to cryptoasset service providers (CASPs).
  
  
• A cryptoasset-specific market abuse regime.

For these purposes, cryptoassets are defined as “a digital representation of a value or a right which may be transferred and stored electronically, using distributed ledger technology or similar technology”. Critically (and this is similar to the approach taken in the UK as discussed below, any tokens that already fall inside the regulatory perimeter (for example, any that meet the definition of a financial instrument in MiFID) are not subject to MiCA. Likewise, unique and genuinely non-fungible tokens (NFTs) and digital assets that are not capable of being transferred to a third party are excluded.

The regimes for ARTs and EMTs are set out at Titles III and IV respectively, which (along with the delegated acts and guidelines produced by ESMA and/or the EBA) will apply from 30 June 2024. All other requirements will apply from the end of the year. There are also various transitional periods, including a discretion for Member States to grant firms already operating in this field up to an additional 18 months to gain the relevant authorisations – that could mean that some existing firms would not be subject to the full regime until 1 July 2026.  

A critical consideration, therefore, is how best to prepare for implementation, given that many Member States have already adopted statutory regimes (and all should now have mandatory registration under anti-money laundering legislation for certain activities). To that end, ESMA published ESMA Statement on MiCA in October 2023, calling for firms and regulators to advance preparations as rapidly as possible, and seeking to promote convergence at a supervisory level even before the Regulation applies. Subsequently, Verena Ross, Chair of ESMA, made a speech (Verena Ross Speech to Financial Supervisors Academy Forum) in which, among other points, she explicitly called on Member States to limit this period to no more than 12 months.

Delegated acts, Level 2 and Level 3 measures

As mentioned above, additional requirements apply to issuers of "significant" ARTs and EMTs. Article 43 specifies certain objective criteria. In addition, in November 2023, the European Commission consulted on a draft Delegated Regulation on the factors to be taken into account when deciding whether an ART or EMT is significant under the criteria where the Regulation does not itself specify bright lines. Three of the criteria must be met for the issuer to be classified as significant.

The objective criteria in Article 43 are:

• the number of holders of the token is larger than 10 million;
  
  
• the value of the token issued, its market capitalisation or the size of the reserve of assets of the issuer of the token is higher than EUR 5 billion;
  
  
• the average number and average aggregate value of transactions in that token per day, during the relevant period, is higher than 2.5 million transactions and EUR 500 million respectively;
  
  
• the issuer of the token is a provider of core platform services designated as a gatekeeper under the EU's Digital Services Act; and
  
  
• the fact that the same issuer issues at least one additional token, and provides at least one crypto-asset service.

The additional criteria expanded on by the Delegated Regulation are:

• the significance of the activities of the issuer of the token on an international scale, including the use of the token for payments and remittances; and
  
  
• the interconnectedness of the token or its issuer with the financial system.

Under the proposed Delegated Regulation (which is yet to be finally adopted), these assessments will be based on a set of 'core indicators', 'sub-indicators', and (in the case of interconnectedness with the financial system, should the core indicators not provide an answer) 'ancillary' indicators to assist the EBA in making its assessment. An example of core indicators is the global market capitalisation of a token (significance on an international scale), and an example of ancillary indicators is the overlap of the issuer's reserve assets with those of other issuers (interconnectedness).   

We anticipate the final version of the Delegated Regulation in Q1 2024.

Current activity by ESMA and the EBA focuses on the delegated acts, such as Regulatory Technical Standards (RTS) and Implementing Technical Standards (ITS), and the Guidelines. MiCA requires the adoption of dozens of such documents to provide greater granularity and clarity on aspects of the Regulation; the deadline for which is 30 June 2024.

ESMA published two significant consultation packages in July 2023 (ESMA July Consultation Paper) and October (ESMA October Consultation Paper), both of which are now closed. Finalised versions are expected imminently, as these measures must be formally accepted by the Commission so as to be in force from 30 June 2024. ESMA's closed consultations covered:

• RTS on content of notification from selected entities to national competent authorities (NCAs).
  
  
• ITS on forms and templates for notification from entities to NCAs.
  
  
• RTS on the content of the application for authorisation for CASPs.
  
  
• ITS on forms and templates for CASP authorisation application.
  
  
• RTS on complaint handling procedure.
  
  
• RTS on management and prevention, disclosure of conflict of interest.
  
  
• RTS on intended acquisition information requirements (what in the UK would be referred to as change in control processes).
  
  
• RTS on content, methodologies and presentation of sustainability indicators on adverse impacts on the climate and the environment.
  
  
• RTS on measures that CASPs must take to ensure continuity and regularity in the performance of services.
  
  
• RTS on pre- and post-trade transparency data to be made public.
  
  
• RTS on content and format of order book records.
  
  
• RTS on record-keeping by CASPs.
  
  
• RTS on data necessary for the classification of white papers.
  
  
• ITS on standard forms and templates for white papers.
  
  
• ITS on technical means for appropriate public disclosure of inside information.

ESMA intends to publish its third consultation package in Q1 2024. This is expected to cover:

• Qualification of cryptoassets as financial instruments.
  
  
• Monitoring, detection, and notification of market abuse.
  
  
• Investor protection, which is expected to cover reverse solicitation; suitability of advice and portfolio management services; and policies and procedures for cryptoasset transfer services, including clients' rights.
  
  
• System resilience and security access protocols.

The EBA also has responsibility for certain delegated measures and published sets of consultations at similar points. Closed consultations (the EBA published more of the papers individually) covered:

• RTS on information to be contained in an application for authorisation to offer to the public and to seek admission to trading of ARTs.
  
  
• ITS on standard forms, templates and procedures for the information to be included in the application (same document as the RTS above).
  
  
• RTS on complaint handling.
  
  
• RTS on information needed to assess changes in control of issuers of ARTs.

At the time of publication, there are several open consultations:

• Joint Guidelines of the EBA and ESMA on the suitability assessment of a) members of the management body of issuers of ARTs and CASPs and b) shareholders and members with qualifying holdings in issuers of ARTs and CASPs (deadline of 22 January 2024).
  
  
• RTS on the approval process for white papers for ARTs issued by credit institutions (22 January 2024).
  
  
• RTS on the minimum content of governance arrangements on remuneration (22 January 2024).
  
  
• Guidelines on the minimum content of governance arrangements for issuers of ARTs (22 January 2024).
  
  
• RTS to specify highly liquid financial instruments with minimal market, credit and concentration risk (8 February 2024).
  
  
• RTS on the liquidity requirements of asset reserves (8 February 2024).
  
  
• RTS on the minimum contents of liquidity management policy and procedures (8 February 2024).
  
  
• Guidelines establishing common reference parameters used in liquidity stress test scenarios (8 February 2024).
  
  
• RTS on the adjustment to own funds requirements and stress testing of ART and EMT issuers (8 February 2024).
  
  
• RTS on the procedure and timeframe for adjusting own funds requirements for issuers of significant ARTs or EMTs (8 February 2024).
  
  
• Guidelines on recovery plans (8 February 2024).
  
  
• RTS on how to estimate transaction volumes and values of ARTs used for payments and EMTs denominated in a non-EU currency (8 February 2024).
  
  
• ITS on certain reporting for ARTs and EMTs (8 February 2024).
  
  
• RTS on supervisory colleges (8 February 2024).

Firms impacted by MiCA face a considerable volume of material with which to get to grips, and are getting clear messages from EU-wide supervisors that they expect and intend MiCA to have a transformational impact on the cryptoasset market across the EU.     

Since 8 October 2023, cryptoasset financial promotions accessible to consumers have been subject to FCA regulation. In advance of the legislation coming into force, as well as issuing a series of communications seeking to raise awareness (and arguably also to increase the pressure on affected firms), the FCA consulted on what is now FG23/3: Finalised non-handbook guidance on Cryptoasset Financial Promotions.

The details of the rules were covered in our August briefing Strengthening the Financial Promotion Rules Reprised - Cryptoassets | Travers Smith, and the FCA notes that firms should be complying with those rules already.

Most of the guidance will be unsurprising and logical to those familiar with the UK investments financial promotions rules (focussing on ensuring that the promotions are fair, clear, and not misleading), but it also addresses a number of areas specific to cryptoassets.

Claims as to stability of value or link to fiat currency

Firms promoting stablecoins (the broader regulation of which is covered below) need to be able to demonstrate the accuracy and reliability of the peg, including by explaining how and with which assets the stability is maintained. Terms such as 'inflation resistant' should not be used.

In addition, the FCA considers that claims of stability, or of being a "store of value", relating to a cryptoasset supported by an algorithm (which seeks to influence and/or respond to suppy and demand for the cryptoasset) or holdings of other cryptoassets are unlikely to be compliant (the implication being that such claims are misleading).

Asset or commodity backed cryptoassets

For cryptoassets claiming to be backed by a commodity or other asset, the FCA considers that firms should set out clearly the actual model being used (for example, whether the cryptoasset tracks the asset's value, or is in fact a digital representation of ownership rights in the asset), and ensure that the financial promotion includes:

• proof of ownership of the asset, making evidence available before the consumer's investment is concluded;
  
  
• the identity of the custodian (if any); what services they provide; and how they relate to the issuer (the FCA also advises firms to check custodians' regulatory status);
  
  
• clear terms of redemption (and information relevant to redemption should be available throughout the customer journey);
  
  
• the risk that the consumer will lose some or all of their investment if the issuer or custodian becomes insolvent; and
  
  
• any other reasonably foreseeable dependencies affecting the value or volatility of the asset.

Complex yield models

This is the umbrella term the FCA uses to describe a range of business models including staking, lending and borrowing of cryptoassets, with a view to the original owner of the cryptoasset making a return (the 'yield'). It is clear from the feedback to the consultation contained in Annex 1 that the FCA received significant pushback on whether their approach is suitable to such a disparate range of structures. Nevertheless, the FCA, while acknowledging the breadth of the ecosystem, clearly regards this as an area of risk of consumer harm, and pitches the guidance at a level of generality that, in its view, ought to avoid any unintended consequences.

Financial promotions for these services are unlikely to be compliant, in the FCA's view, unless they clearly and properly set out:

• evidence of how advertised rates of return could be achieved;
  
  
• information on legal and beneficial ownership of the consumer's cryptoassets, and the consequences if something goes wrong;
  
  
• fees, rates and charges that could affect the returns;
  
  
• (where a target rate of return is stated) the ability to demonstrate the correct oversight and controls to be able to monitor the achievement of particular returns, with a view to withdrawing or changing claims about target rates of return; and 
  
  
• all other relevant risks inherent in the structure, such as risks relating to onward transactions, or hacks. 

In addition, the guidance emphasises the importance of being able to carry out due diligence on third party issuers (so as to substantiate claims), and reiterates (several times):

• some cryptoasset structures are likely already to be caught by FCA regulation as, for example, a collective investment scheme (CIS);
• the importance of financial promotions regulation being technology-neutral, and the need for social media and 'finfluencers' to be used in a compliant way; and
• the application to authorised firms of the Consumer Duty. 

Two final observations:

• The feedback included at Annex 1 can often, looked at objectively, be read as being closer to commentary about (or perhaps challenges to) the statutory perimeter than to a critique of the financial promotions guidance.
  
  
• The FCA rejected industry's requests for more detailed 'good and bad practice' case studies or examples. This may be driven by the FCA's concern that these could become akin to templates for firms, but in the context of the complex yield models, such an approach could also quickly be overtaken by market practices. 

The Bank of England (including the PRA) and the FCA published, in October 2023, FS2/23 – Artificial Intelligence and Machine Learning | Bank of England. This Feedback Statement summarises the responses to their October 2022  DP5/22 - Artificial Intelligence and Machine Learning | Bank of England.  

The Feedback Statement states at the outset it does not include any policy proposals nor should it be interpreted as meaning regulators are planning on taking any particular position on the issues raised.

It is also silent on the next steps for regulators.

The Feedback Statement makes clear that there were several areas of broad consensus (at least among market participants – the Feedback Statement did not break out where consumer groups disagreed, but in a few places it appears reasonably likely that this was the dividing line):

• A regulatory definition of AI would not be useful.
  
  
• Global and cross-border alignment and cooperation is important, especially given the number of different initiatives in different jurisdictions (such as the EU AI Act, which it was reported has received provisional political agreement in December 2023).
  
  
• Similarly, the position of AI as effectively "sector-agnostic" means that co-ordination across sectoral regulators would be helpful. 
  
  
• The speed of change in AI means that regulation and guidance needs to be both flexible on its face and capable of being revised periodically.
  
  
• The focus of regulation should be on consumer outcomes, and where at all possible risk-based.
  
  
• Slightly conversely, there were multiple calls for more "good and bad practice" case study-type guidance.
  
  
• Existing regulatory frameworks on governance, such as the SM&CR, are fit for purpose in dealing with AI.    

The key area on which there appeared to be more controversy and challenge  – and which is absolutely critical to AI in financial services – was on data protection regulation, such as the GDPR and its UK equivalent. Its importance was accepted and highlighted repeatedly (entirely logical given the nature of AI as a data processing technique). However, many respondents obviously regarded it as a major challenge to the successful adoption of AI: two examples being implementing the right to erasure in the context of an AI model, and issues raised by data localisation requirements. It is fair to say that in several contexts, the high-level summaries of the feedback read more like specific challenges to the substance of data protection requirements, rather than an "AI issue" per se. 

The EU Regulation on Digital Operational Resilience (the DORA Regulation) and the related amending directive (the DORA Directive) were both published in the Official Journal on 27 December 2022. The Regulation will start applying from 17 January 2025 and Member States will be required to transpose the Directive by the same date.

ICT services are defined as "digital and data services provided through ICT systems to one or more internal or external users on an ongoing basis, including hardware as a service and hardware services which includes the provision of technical support via software or firmware updates by the hardware provider, excluding traditional analogue telephone services". This is an intentionally broad definition reflecting the importance of ICT services to financial entities and to keep pace with technological developments.

Broadly, the DORA Regulation sets out operational resilience requirements both for financial services firms in their use of ICT services and for certain third parties providing those ICT services. DORA is therefore significant not only for financial services firms, but also providers of ICT services to financial entities – including, significantly, those based outside the EU.

The DORA Directive makes amendments to a number of directives, including AIFMD, MiFID II, UCITS Directive, CRD IVV and the Payments Services Directive, which effectively require relevant firms to reflect the DORA requirements in their organisational process.

Given the importance of this legislation – and the fact that it will apply as from early next year –  this section of the briefing note brings forward the summary from our 2023 New Year Briefing and adds developments that have occurred during the course of 2023.

Requirements imposed on EU financial services entities

DORA imposes a number of requirements on EU financial entities making use of ICT services. These are largely intended to consolidate and upgrade the current fragmented rules applicable to EU financial entities.

In-scope entities

EU financial entities subject to DORA include full-scope AIFMs, MiFID investment firms, UCITS management companies, credit institutions, CSDs, CCPs, payment institutions, e-money institutions, authorised cryptoasset service providers and trading venues. As a general matter, the requirements are to be implemented on a proportionate basis taking into account a number of factors, such as the size, nature and risk profile of the relevant financial entity and its activities.

Full or partial exemptions

Small entities that meet the criteria to be microenterprises, investment firms which are considered small and non-interconnected for the purposes of the EU Investment Firms Regulation and exempted payment and e-money institutions may benefit from exemptions from, or a lighter touch application of, some of the requirements.

The requirements in outline

There is a great deal of detail for in-scope firms to absorb, supplemented by the plethora of emerging technical standards; however, at a high-level the requirements in DORA that apply to financial service entities include:

• Governance related requirements/ICT risk management: including an internal control and guidance framework to manage ICT risks with the management body bearing ultimate responsibility. The ICT risk management requirements include a digital operational resilience strategy, systems and controls to minimise the impact of ICT risk; prevention measures to prevent loss of data and information leakage; measures to identify anomalous activities; and a business continuity policy and disaster recovery plan.
  
  
• ICT-related incident reporting requirements: including a requirement to implement a management process to detect and manage ICT-related incidents, an obligation to classify ICT-related incidents based on specific criteria and an obligation to report promptly major ICT-related incidents to the relevant competent authorities (and, in some cases, clients). Credit institutions and payment and e-money institutions are also required to comply with these obligations in respect of certain operational or security payment-related incidents.
  
  
• Digital operational resilience testing requirements: including a requirement for a digital operational resilience testing programme with independent testing at least annually.
  
  
• ICT third-party risk management requirements: including the adoption of a strategy on ICT third-party risks including pre-contractual assessments, notifications and reporting on certain ICT third-party contracts to the competent authorities and prescribed contents requirements for third-party ICT service contracts, including rights of access, obligations to provide assistance in the case of an ICT-related incident and co-operation with competent authorities.

EU oversight of critical ICT third-party service providers

The "flip side" to the DORA regime is the mechanism for EU oversight of critical ICT third-party service providers (which includes non-authorised entities and non-EU entities).

Assessment of criticality

The assessment of whether an ICT third-party service provider is considered critical for these purposes will be based on a number of criteria, including the systemic impact of a failure to provide the relevant services, the degree of substitutability of the ICT third-party service provider and the systemic character or importance of the financial entities relying on the service provider.

EU oversight

EU oversight would include an assessment of whether the critical ICT third-party service provider has in place effective arrangements to management ICT risks to financial entities and a right for the overseeing authority to request information from the critical ICT third-party service provider and carry out onsite inspections.

Third-country ICT third-party service providers

Crucially for UK and other non-EU entities, DORA includes a number of provisions specifically aimed at or impacting upon third-country third-party service providers. In particular, EU financial entities may only make use of the services of a third-country critical ICT third-party service provider which has established an EU subsidiary within 12 months of being designated as critical. However, the recitals to DORA state that this does not prevent ICT services and related technical support being provided from facilities and infrastructures located outside the EU.

DORA also includes some provisions purporting to allow the overseeing authority to exercise some of its powers in respect of the ICT service provider's premises located in a third-country, but these would require the consent of the ICT service provider and potentially co-operation with the relevant third-country competent authority. Therefore, it is not clear how effective these would be in practice.

Third-country ICT service providers may also be prohibited from entering into subcontracting arrangements where the relevant subcontracting concerns a critical or important function of the financial entity and the overseeing authority considers that the subcontracting poses a clear and serious risks to financial stability or to EU financial entities.

Delegated Acts and Technical standards

Delegated Acts

The ink had not dried on DORA itself when the European Supervisory Authorities (ESAs) started work on advising on the relevant delegated acts and developing the requisite technical standards for the regime. This is where the nitty-gritty details will lie.

In December 2022, the European Commission had issued a request for advice to the ESAs regarding delegated acts on:

• The criteria for designation as a critical ICT third-party provider.
  
  
• The fees to be charged to those critical ICT third-party providers as regards their oversight.

The ESAs published a discussion paper relating to such advice on 26 May 2023. The ESAs' final report was delivered to the Commission on 29 September 2023.

Following on from the above, on 16 November 2023, the Commission issued a short consultation on drafts of:

• Delegated regulation supplementing DORA specifying the criteria for the designation of ICT third-party service providers as critical for financial entities.
  
  
• Delegated regulation supplementing DORA determining the amount of oversight fees to be charged by the Lead Overseer to critical ICT third-party service providers and the way in which those fees are to be paid.

The consultation closed on 14 December 2023. The Commission plans to adopt both delegated regulations in Q2 2024.

DORA deliverables: mandates to ESAs

DORA mandates the ESAs to prepare a set of "policy products" (mostly, but not entirely, technical standards) with two main submission deadlines: 17 January 2024 (first batch) and 17 July 2024 (second batch):

First batch of technical standards

On 19 June 2023, the ESA published four consultation papers on draft technical standards under DORA by way of addressing the first batch of mandates (emboldened in the above table):

• Consultation: Draft RTS to further harmonise ICT risk management tools, methods, processes and policies as mandated under Articles 15 and 16(3) of Regulation (EU) 2022/2554
  
  
• Consultation: draft RTS on specifying the criteria for the classification of ICT related incidents, materiality thresholds for major incidents and significant cyber threats under Regulation (EU) 2022/2554:
  
  
• Consultation: Draft RTS to establish the templates composing the register of information in relation to all contractual arrangements on the use of ICT services provided by ICT third-party providers as mandated by Regulation (EU) 2022/2554
  
  
• Consultation: Draft RTS to specify the detailed content of the policy in relation to the contractual arrangements on the use of ICT services supporting critical or important functions provided by ICT third-party service providers as mandated by Regulation (EU) 2022/2554

An introductory note published by the EBA set out more details on the drafts. The consultations closed on 11 September 2023. The ESAs expect to submit this first batch of draft standards to the European Commission by 17 January 2024.

Second batch of draft technical standards

On 8 December 2023, the ESAs published a set of six consultations on the second batch of mandates (not emboldened in the above table). The consultations close on 4 March 2024. The ESAs expect to submit this second batch of technical standards to the European Commission by 17 July 2024 (i.e. by the deadline for the mandate). The ESAs have also published a short explanatory note on the consultations.

• Consultation: Draft RTS on the content of the notification and reports for major incidents and significant cyber threats and determining the time limits for reporting major incidents and Draft ITS on the standard forms, templates and procedures for financial entities to report a major incident and to notify a significant cyber threat
  
  
• Consultation: Draft RTS to specify the elements which a financial entity needs to determine and assess when subcontracting ICT services supporting critical or important functions as mandated by Article 30(5) of Regulation (EU) 2022/2554
  
  
• Consultation: Joint Guidelines on the estimation of aggregated annual costs and losses caused by major ICT-related incidents
  
  
• Consultation: Draft RTS on the harmonisation of conditions enabling the conduct of oversight activities under Article 41(1) points (a), (b) and (d) of Regulation (EU) 2022/2554
  
  
• Consultation: Joint Guidelines on the oversight cooperation and information exchange between the ESAs and the competent authorities under Regulation (EU) 2022/2554
  
  
• Consultation: Draft RTS specifying elements related to threat-led penetration tests

On 7 December 2023, the Bank of England, PRA and FCA published CP26/23 – Operational resilience: Critical third parties to the UK financial sector. Consultation closes on 15 March 2024. Further consultations and papers are expected. The Bank of England and the PRA will be consulting on a joint statement of policy relating to the use of their disciplinary powers over CTPs in due course (and the FCA will also be consulting separately on its disciplinary powers). In due course, the regulators will also be publishing a CTP approach document setting out how they will carry out their respective supervisory roles.

As we reported in our briefing Financial Services and Markets Act 2023: Building a Smarter Regulatory Framework in the UK? | Travers Smith one of the components of FSMA 2023 related to the development of a new regime under which HM Treasury will have the power to designate certain third parties providing critical services to authorised firms, payment and e-money institutions and financial market infrastructures (FMIs). The new regime is referred to as the "critical third party regime" and is, in many ways, the UK's answer to DORA. If designated, the services provided by such CTPs will be subject to direct oversight by the Bank of England, the PRA and/or the FCA. This may include making rules, giving directions, gathering information and taking enforcement action.

The consultation is primarily relevant to those CTPs that will be designated by HM Treasury, since they will be directly subject to the proposed new rule requirements and regulatory expectations. The consultation is also of interest to those authorised firms and FMIs that use CTP services though the regulators are at pains to stress that nothing in the CP will impose any additional requirements on firms and FMIs but rather the requirements "seek to complement" their existing obligations on operational resilience and third-party risk management.

The proposals set out in the consultation paper (which take account of responses to the regulators' discussion paper DP3/22 published in July 2022) address a number of issues and will result in the following outputs:

• Rule requirements applicable to CTPs set out in the Bank of England Rulebook, the PRA Rulebook and the FCA Handbook.
  
  
• A joint Bank/PRA/FCA supervisory statement on the regulators' expectations of how CTPs should comply with, and interpret, the applicable rules.
  
  
• A joint Bank/PRA supervisory statement and FCA guidance on the regulators' policy and expectations on the use of skilled person reviews of CTPs.

Identifying potential CTPs and recommending them for designation

Under section 312L FSMA 2000 (as amended by FSMA 2023), HM Treasury has the power to designate a third party that provides services to one or more authorised persons, relevant service providers and/or FMIs as a CTP. The legislation requires the Treasury to consult each of the regulators before designating a third party as a CTP: in practice, it is likely that the regulators will approach the Treasury with suggestions as to who should be designated, based on their own data and information. The regulators will be consulting on a new policy for outsourcing and third-party (OATP) data collection at some point in 2024. The expectation is that data collected from firms and FMIs will become the primary source of data to identify third parties as potentially critical. The consultation considers the criteria that the regulators will have regard to in terms of assessing whether third parties should be recommended for designation, including whether the statutory test for designation is met, assessing the materiality of the third party's services and other factors (such as substitutability).

CTP Fundamental Rules

In the consultation, the regulators propose that every CTP would be subject to six Fundamental Rules which are recognisably derived from the FCA Principles for Businesses (and the PRA Fundamental Rules) (i.e. every CTP must: conduct its business with integrity; conduct its business with due skill, care and diligence; act in a prudent manner; have effective risk strategies and risk management systems; organise and control its affairs responsibly and effectively; deal with the regulators in an open and co-operative way, and disclose to the regulators appropriately anything relating to the CTP of which they would reasonably expect notice).

These Fundamental Rules (as the name suggests) would apply to all services provided by a CTP to firms and FMIs, regardless of whether or not the services are material.

CTP Operational Risk and Resilience Requirements

By way of contrast, the eight Operational Risk and Resilience Requirements would only apply to a CTP's material services. These requirements – which are detailed – cover governance, risk management, dependency and supply chain risk management, technology and cyber resilience, change management, mapping, incident management and termination of services.

Information-gathering, self-assessment, testing, Skilled Person Review and information sharing

There will be a general requirement for every CTP to demonstrate its ability to comply with the relevant regulator(s)' rules annually and on request. In addition, each CTP will be required to submit a written self-assessment within three months of designation; after that each self-assessment will be required within 12 months of the last one. CTPs will be required to carry out prescribed scenario testing, testing their abilities to continue providing their services in "severe but plausible" circumstances.

In an extension to the existing section 166 regime, under section 166(A)(2) FSMA 2000, each of the regulators is empowered to require a CTP, or any person connected with it, to appoint a skilled person to collect or update information. As with section 166, the regulator may itself appoint the skilled person if need be. The CTP will bear the cost of the skilled person's appointment.

Notifications

CTPs will be required to notify the relevant regulator and their customer firm or FMI if certain incidents occur. Importantly, although they will not be subject to these new, detailed CTP-specific notification requirements, firms will continue to be subject to the notification requirements set out in Principle 11 of the FCA Principles for Businesses, PRA Fundamental Rule 7 and the general notification requirements set out in the FCA and PRA rules. FMIs are subject to similar requirements.

Misleading use of designation status

In response to concerns raised at the discussion paper stage that designation might be unjustifiably viewed as some kind of "seal of approval" or "regulatory kite-mark", the regulators propose that CTPs would be required to refrain from indicating or implying that they have the approval or endorsement of the regulators by virtue of their designation as a CTP or being overseen by the regulators in respect of the services they provide to firms of FMIs. Similarly, they will not be allowed to suggest that designation or regulatory oversight confers any advantage on the firm, FMI or other user of the services.

Nomination of a legal person for non-UK CTPs

One of the fundamental precepts of the new regime is that it is – as the regulators put it – agnostic about the location of the CTP. In other words, the regime will apply to a designated CTP wherever it is located. In addition, there is no requirement for the CTP to subsidiarise or establish a UK branch. However, where a CTP's head office is outside the UK, it would be required to nominate a legal person with authority to receive documents and notices from the regulators – the recommendation is that this should be a law firm or other suitable UK-based corporate body, partnership, or LLP.

CTP regime vs DORA

Some have referred to the CTP regime as "UK DORA". It is true that both the EU and UK regimes are designed to address the same concerns about critical technology and other providers and there are broad similarities between the two. However, it is fair to say that the DORA regime – including the large number of technical standards outlined in the previous item is more detailed and apparently more prescriptive. For instance, DORA sets out particular requirements relating to contractual requirements. By comparison, the UK regime is more principles-based, though that is not to say that it is lacking in detail or that the regulators would have no teeth. The eight Operational Risk and Resilience Requirements (which would apply to a CTP's material services) drill down into considerable detail on matters such as governance, risk management, dependency and supply chain risk management, technology and cyber resilience, change management, mapping, incident management and termination of services.

Because, as outlined above, the CTP regime is agnostic about the location of the CTP, the natural conclusion is that, depending on designation, some material providers will necessarily find themselves subject to, and having to comply with, both regimes.

On 18 October 2023, European Commission Delegated Regulation (EU) 2023/2175 supplementing the EU Securitisation regulation with regard to regulatory technical standards (RTS) specifying in greater detail the risk retention requirements for originators, sponsors, original lenders and servicers was published in the Official Journal. These have been a long time coming. The European Commission had previously adopted the delegated regulation on 7 July 2023, following a consultation back in June 2021 and publication by the European Banking Authority (EBA) of a final draft RTS in April 2022.

The RTS entered into force on 7 November 2023 (repealing and replacing Commission Delegated Regulation (EU) 625/2014 (RTS specifying the requirements for investor, sponsor, original lenders and originator institutions relating to exposures to transferred credit risk) – i.e. the regulatory technical standards under the EU Capital Requirements Regulation that had previously applied to securitisation positions created on or after 1 January 2019).

The RTS specify various technical details in relation to the EU Securitisation Regulation's risk retention requirements. Although some of these carry forward similar concepts and provisions which had previously applied under the EU CRR RTS, there a number of new, substantive provisions.

The RTS cover the following:

• The methods of retaining risk, including:
  
  
  • Retainers of a material net economic interest (Article 2): many of the provisions are similar to those which had existed under the EU CRR RTS, but the new RTS address the "sole purpose" requirement as set out in the EU Securitisation Regulation (i.e. that an originator must not have been established or operate for the sole purpose of securitising exposures). The EU CRR RTS had predated the sole purpose test. The new RTS specifies the circumstances in which an entity is not to be considered as having been established, or operating, for the sole purpose of securitising exposures where (broadly speaking) the entity has a strategy and the capacity to meet payment obligations consistent with a broader business model supported by capital, assets, fees or other sources of income so that the entity does not rely on the exposures to be securitised and the members of the management body have the necessary experience to carry on that business strategy.
    
    
  • Fulfilment of the retention requirement through a synthetic or contingent form of retention (Article 3).
    
    
  • Retention equivalent to be not less than 5% of the nominal value of each of the tranches sold or transferred to investors (Article 4), retention of randomly selected exposures to be equivalent to no less than 5% of the nominal value of securitised exposures (Article 6); retention of a first lost exposure of not less than 5% of every securitised exposure (Article 8).
    
    
  • Retention of originator's interests in revolving securitisation of securitisation of revolving exposures (Article 5).
    
    
  • Retention of the first loss tranche (Article 7).
    
    
  • Application of the retention options on traditional NPE securitisations (Article 9).
    
    
• Measuring the level of retention (Articles 10-11) in terms of the criteria to be applied.
  
  
• The prohibition on hedging or selling the retained interest (Article 12) – i.e. the Article 6(1) obligation to retain on an ongoing basis a material net economic interest in the securitisation will be deemed to have been met only where the retained material net economic interest is not subject to any credit risk mitigation or hedging of either the retained securitisation positions or the retained exposures and the retainer does not sell, transfer or otherwise surrender all or part of the rights, benefits or obligations arising from the retained net economic interest.
  
  
• The conditions for exempting transactions based on a clear, transparent and accessible index (Article 13):
  
  
  • Article 6(6) of the EU Securitisation Regulation provides that transactions which are based on a clear, transparent and accessible index, where the underlying reference entities are identical to those that make up an index of entities that is widely traded, or are tradable securities other than securitisation positions, are exempt.
    
    
  • Article 13 of the RTS for risk retention requirements provides that this shall include securitisation positions in the correlation trading portfolio which are either reference instruments (as referred to in Article 338(1)(b) of CRR) or which are eligible for inclusion in the correlation trading venue.
    
    
• The conditions for retention on a consolidated basis (Article 14).
  
  
• The impact of fees paid to the retainer on the effective material net economic interests (Article 15) – this addresses the requirements on the allocation of cash flows and losses to the retained interest and on fees payable to the retainer.
  
  
• Fulfilment of the retention requirement in securitisations of own issued debt instruments (including covered bonds) – this is new (Article 16).
  
  
• Assets transferred to the SSPE (Article 18).
  
  
• The methods of retaining risk in traditional securitisations of non-performance exposures (Article 19) – including the imposition of an expertise requirement on the servicer of a traditional NPE securitisation.

On 21 December 2023, the European Securities and Markets Authority (ESMA) published a consultation paper on the securitisation disclosure templates under Article 7 of the EU Securitisation Regulation.

By way of background, in October 2022 the European Commission had published a report on the functioning of the Securitisation Regulation. In that report, it had identified a number of areas where improvements could be made; this included in relation to the transparency requirements. It invited ESMA to review the existing technical standards for the disclosure framework.

ESMA sought feedback from a selected number of stakeholders in different segments of the securitisation market on various aspects of the securitisation regime as identified by the European Commission report; more particularly, stakeholders were asked to give their views on a granular, field-by-field review of the existing disclosure templates and also in relation to the development of potential new templates.

Perhaps not surprisingly, given that the stakeholders represented different segments of the market (originators and issuers, credit rating agencies, securitisation repositories, trade associations, supervisors and private and institutional investors), the responses were not consistent.

Following on from that, ESMA set out for consultation four mutually exclusive policy options with regards to the existing securitisation disclosure templates:

• Option A: to postpone the review of the templates until further changes to the Level 1 text have been made.
  
  
• Option B: to maintain the current disclosure framework, with the introduction of a few amendments.
  
  
• Option C: to conduct a targeted review with the aim of streamlining the disclosure templates and developing a new, dedicated template for private securitisations.
  
  
• Option D: to conduct a thorough review of the disclosure templates, with the aim of fundamentally simplifying the framework.

Consultation closes on 15 March 2024. ESMA will then review the feedback and consider how best to revise the disclosure framework. The implication is that this will involve picking one of the four policy options outlined above, but ESMA says that it will also consider feedback that suggests "possible other combinations" of those options.

Introduction

On 22 November 2023, HM Treasury published, for consultation, a Policy Note on the Short Selling Regulations 2024. Consultation closed on 10 January 2024. The draft statutory instrument, The Short Selling Regulations 2024, was attached.

Background

On 9 December 2022, as part of the government's package of Edinburgh Reforms announced by the Chancellor that day, HM Treasury published a Call for Evidence, marking the first stage in its Short Selling Regulation Review. That consultation closed on 4 March 2023 and on 11 July 2023 the government published its response. The overall aim was and is to replace the UK Short Selling Regulation as 'onshored' with a model that is specifically tailored to the UK and its markets.

At the same time as responding to the Call for Evidence, the government published a consultation on the regulation of sovereign debt and credit default swaps. The response to that consultation was published at the same time as the Policy Note.

The Short Selling Regulations 2024

The statutory instrument will entirely replace assimilated law related to short selling and will have the effect of creating a new, domestic regulatory framework for the activity. Most firm-facing requirements that were previously contained in the assimilated law version of the Short Selling Regulation will be replaced by FCA rules, made by the regulator under powers granted under the instrument. The result will be that the instrument will set out a brief, statutory framework – the details will be in the FCA Handbook.

In the light of the above, the statutory instrument will broadly address the following:

• Scope:
  
  
  • The instrument will define and set out the designated activity of short selling of shares and related instruments:
    
    
    • Short selling activities will be specified as designated activities under section 71K FSMA 2000 (as amended by FSMA 2023) – because of this the Treasury is able to give the FCA rulemaking, supervisory and enforcement powers in relation to short selling – without all firms in scope of the activity being authorised.
      
      
    • The short selling regime will only apply to shares or debenture instruments (as defined in sections 76, 77(1), 77A or 78(1) of Regulated Activities Order as applicable) where such instruments are admitted to trading on a UK trading venue (including the instrument when traded outside such venue). It does not extend to sovereign debt or sovereign credit default swaps, which are currently subject to the 'onshored' SSR. The government had confirmed in its November 2023 response on the consultation on sovereign debt and credit default swaps that the UK should no longer restrict short selling of such instruments.
      
      
    • A "short sale" will be defined as meaning any sale of the share or debt instrument which the seller does not own at the time of entering into the agreement to sell including such a sale where at the time of entering into the agreement to sell the seller has borrowed or agreed to borrow the share or debt instrument for delivery at settlement. Repos, stock loans, futures contracts or other derivative contracts are expressly excluded.
      
      
    • The FCA will be granted rulemaking powers to expand upon the statutory definitions when required.

• FCA rule-making power:
  
  
  • Provides the FCA with the power to make "designated activity rules" requiring a person engaging in short selling activity concerning shares to comply with specified conditions or requirements.
    
    
    • Includes the ability on the part of the FCA to impose restrictions on uncovered (or so-called "naked") short selling to ensure settlement of trades related to short selling.
      
      
• Notifications:
  
  
  • The initial notification threshold for reporting a net short position to the FCA is 0.2% of the issued share capital.
    
    
    • Incidentally, on 27 November 2023, The Short Selling (Notification Threshold) Regulations 2023 were laid before Parliament and come into force on 5 February 2024 – these amend Article 5(2) of the UK Short Selling Regulation (i.e. the 'onshored' EU legislation) to increase the notification threshold for the notification of net short position in shares to the FCA from 0.1% to 0.2%.
      
      
  • The FCA may make designated activity rules requiring a person who has a net short position in the issued share capital of a company which is equal to or greater than 0.2% to notify the FCA.
    
    
  • The FCA's designated activity rules can make provision for various things, including the circumstances in which someone has a net short position, how to calculate a net short position, how and when a notification must be made, and the form and content of the notification.  
    
    
• Publication:
  
  
  • The FCA is required to publish the aggregate net short position in relation to each issuer, based on the individual position notifications it receives. This is a departure from the current SSR regime under which the FCA publishes individual net short positions above 0.5% of issued share capital – i.e. per short seller.
    
    
  • The FCA must publish a regularly updated list of shares in relation to which the UK short selling regime applies (i.e. this is a "positive" list of in-scope shares, as opposed to the list of exempt shares which the FCA currently publishes).
    
    
• Exemptions:
  
  
  • The FCA's designated activity rules may make provision as to the circumstances in which the short selling regime does not apply in relation to a share or description of shares.
    
    
  • The designated activity rules may also exempt market making activities and stabilisation from certain short selling requirements.
    
    
• Emergency powers:
  
  
  • The FCA is given powers to intervene in exceptional circumstances – this may extend to banning short selling of a share or debt instrument.
    
    
  • These powers go beyond shares and debt instruments subject to the short selling regime, to cover all financial instruments as defined in Part 1 of Schedule 2 of the Regulated Activities Order.
    
    
  • The FCA must publish a statement of policy setting out how it will use its powers in exceptional circumstances.

Next steps

The FCA will consult shortly on how it will use its new rule making powers to implement the finer details of the new short selling regime. No date has yet been floated for a possible start date.

Background

The development of a domestic securitisation regime, founded on the substantive elements of the EU Securitisation Regulation regime, but calibrated for the purposes of the UK markets has been under consideration for a long time. Under article 46 of the UK Securitisation Regulation, as 'onshored', HM Treasury was required to review the functioning of the Regulation and lay a report before Parliament before 1 January 2022.

That final Report was published on 13 December 2021 and proposed a number of areas where changes might be helpful. Almost a year later, on 9 December 2022, as part of the Edinburgh Reforms initiative, the government published a policy statement on building a smarter financial services framework for the UK. In addition to setting out the general approach for repealing and replacing assimilated law, the policy statement included the idea of splitting files of retained EU law into "priority" tranches. The first tranche was to include delivery of the proposals for change arising from HM Treasury's Article 46 report – in other words, the development of a UK domestic securitisation regime was in the vanguard of changes to give effect to a new UK regulatory regime underpinned by legislation, but with the substance of the firm-facing requirements set out in regulators' rulebooks. A illustrative draft of proposed Securitisation Regulations 2023 was attached.

On 11 July 2023, HM Treasury published a further iteration - a "near-final" version - of The Securitisation Regulations 2023, together with an explanatory note setting out the policy background and a summary of the SI.

Finally, on 28 November 2023, HM Treasury published a further, updated draft of The Securitisation Regulations 2023 which contained some changes compared to the July version – broadly this entailed the removal of the due diligence requirements for trustees or managers of occupational pension schemes and the removal of the restrictions on establishing a securitisation special purpose entity (SSPE) in a high-risk jurisdiction. Separate legislation will deal with these requirements.

Between the July and November versions of the Regulations, the PRA and FCA published consultations on the rules that would give effect to the new requirements (see below).

The FCA rules, when read together with the PRA rules and the final Regulations will, as a package, comprise the new securitisation framework in the UK. In other words, a regime previously constituted by a single Regulation (albeit it one with Level 2 provisions) will be split between three sets of rules – this will inevitably mean that there will be some overlapping and duplication and also some differences in application depending on what is being regulated.

On 28 July 2023, the PRA published CP15/23 – Securitisation: General requirements.

On 7 August 2023, the FCA published CP23/17 – Rules relating to Securitisation.

The draft Securitisation Regulations 2023

In the highest terms, the final draft Securitisation Regulations 2023 establish the regulatory perimeter, impose some direct legislative regulation and provide the FCA and PRA with wide-ranging powers to make the firm-facing rules that will form the substance of the new regime. Broadly, the instrument exercises powers in Part 5A FSMA 2000 (as inserted by FSMA 2023) – the Designated Activities Regime – to create a new regulatory framework that will replace the current UK Securitisation Regulation.

Regulatory perimeter: provision of securitisations  – designated activities

On the "sell side", Part 2 of the Regulations specify all activities relating to the "manufacturing" of securitisations under section 71K of FSMA as designated activities – i.e. acting as an originator, sponsor, original lender or securitisation special purpose entity (SSPE); and selling a securitisation position to a UK retail client. The FCA may make "designated activity rules" for these purposes. (This is the same empowerment tool used by the Short Selling Regulations 2024.) The Regulations also introduce a new power of direction for the FCA in relation to those authorised and unauthorised firms subject to its rules under the designated activities regime.

Regulatory perimeter: investment in securitisations – due diligence for institutional investors

On the "buy side", Part 7 of the Regulations requires the regulators to make general rules requiring a relevant institutional investor to carry out due diligence before, and while, holding a securitisation position. "Institutional investor" is defined as an investor that is an insurance undertaking, reinsurance undertaking, the trustees or managers of an occupational pension scheme, an AIFM with Part 4A permission to manage an AIF (article 51ZC of the Regulated Activities Order), a small registered UK AIFM, a UCITS/UCITS management company, a CRR firm and an FCA investment firm. The November Regulations narrowed the rule-making requirement to cover rules requiring a relevant institutional investor to carry out due diligence – this means an institutional investor that is an FCA authorised person and which is not the trustees or managers or an occupational pension scheme or the originator, sponsor or original lender in that securitisation. As mentioned above, HM Treasury will lay separate legislation dealing with the obligations regarding occupational pension schemes in 2024.

As will be seen from above, non-UK AIFMs have been removed from the definition of institutional investor. This means that such non-UK AIFMs will in future benefit from not being subject to the UK due diligence requirements.

The Regulations impose specific obligations on the FCA when making rules requiring a small registered UK AIFM to carry out due diligence. These are required because the FCA's general rule-making power does not extend to small registered AIFMs.

Matters to which the FCA and PRA must have regard

The FCA and PRA will be required to have regard to the coherence of the overall framework for the regulation of securitisation when making rules relating to securitisation. This requirement will apply on an ongoing basis.

Framework for recognising STS-equivalent non-UK securitisations

Under the Regulations, HM Treasury has the power to designate other countries or jurisdictions as having a law or practice that has equivalent effect to applicable UK law relating to small, transparent and standardised (STS) securitisations. The Regulations restates the power of HM Treasury to designate other countries or territories in relation to their laws and practice in relation to simple, transparent and standardised securitisations as having equivalent effect to UK law relating to STS securitisations. Schedule 2 to the Regulations then makes amendments to the Capital Requirements Regulation, the Solvency II Delegated Regulation and the Money Markets Funds Regulation to expressly refer to such "overseas STS securitisations" in order to extend the capital, liquidity and investment vehicle holding benefits that attach to UK securitisations so that they will apply to them also. Schedule 2 also contains a minor amendment to EMIR which will have the effect of exempting STS-equivalent non-UK securitisations from the clearing obligation.

Other provisions

The Securitisation Regulations 2023 also contain provisions relating to securitisation repositories, the registration of third parties verifying STS compliance and various provisions relating to monitoring and discipline and enforcement by the FCA.

PRA consultation

On 28 July 2023, the PRA published CP15/23 – Securitisation: General requirements. Consultation closed on 30 October 2023. The proposed implementation date for the changes resulting from the consultation is given as Q2 2024, subject to progress on the draft Securitisation Regulations 2023. Given that that draft appears to be well-advanced (see above) implementation in Q2 2024 is looking highly likely.

The PRA consultation is specifically relevant to:

• All categories of PRA-authorised persons established in the UK (including CRR firms, Solvency II firms, non-CRR firms and non-Solvency II firms);
  
  
• Qualifying parent undertakings (comprising financial holding companies and mixed financial holding companies) and credit institutions, investment firms and financial institutions that are subsidiaries of these firms,

to the extent involved in securitisations. The PRA consultation is not relevant to non-UK firms with UK branches – they will not be caught.

In outline, the consultation sets out the PRA's proposed rules to replace assimilated law requirements on PRA-authorised persons that are currently found it:

• Provisions of the UK Securitisation Regulation for which the PRA has supervisory responsibility.
  
  
• The Risk Retention Technical Standards.
  
  
• The Disclosure Technical Standards.

The proposals in the consultation would result in:

• A new Securitisation Part of the PRA Rulebook.
  
  
• Changes to SS10/18 – Securitisation: General requirements and capital framework.
  
  
• A new Statement of Policy (SoP).

By way of general approach, the PRA rules would replace the relevant firm-facing provisions in the UK Securitisation Regulation, the Risk Retention Technical Standards and the Disclosure Technical Standards (as they affect PRA-authorised firms) but the overall substance of the existing requirements would be preserved  and carried forward – except for some specified policy changes.

FCA consultation

On 7 August 2023, the FCA published CP23/17 – Rules relating to Securitisation.  Consultation generally closed on 30 October 2023 (although the deadline was extended to 20 November 2023 in relation to Chapter 4 (Due diligence requirements for institutional investors as a result of an Addendum that was published on 16 October 2023)).

The FCA will consider the feedback and intends to publish its final rules in a Policy Statement in Q2 2024 – the implementation date for the changes will be set to take place closely following such publication (i.e. also Q2 2024), subject to progress on the draft Securitisation Regulations 2023.

The consultation paper sets out proposed new rules to replace the firm-facing provisions currently contained in the UK Securitisation Regulation – these are migrating into the FCA Handbook as part of the repeal and replacement of assimilated law in keeping with the government's "smarter regulatory framework". Generally speaking, the substance of the current requirements will be preserved, though there are some notable policy changes when it comes to due diligence and risk retention requirements and the FCA has also taken the opportunity to effect a number of clarificatory or stylistic changes. There is a helpful Derivation and Changes Table in Annex 4 to the consultation paper that sets out each of the provisions which is being changed, and delineating in each case whether the change is one of substantive policy or is a matter of Handbook-style drafting.

In summary therefore:

• The consultation paper contains the proposed legal instrument, together with all related technical standards and their annexes.
  
  
• The new rules will be set out in a new Handbook module called the Securitisation Sourcebook (SECN).

The FCA consultation is specifically relevant to:

• All categories of FCA-authorised persons that are involved in the securitisation markets – either as institutional investors on the buy-side or as "manufacturers" on the sell-side – i.e. original lenders, originators, sponsors, and/or (as appropriate) SSPEs of securitisations. The draft rules fix an inherent ambiguity that currently applies as regards the application of the securitisation regime requirements to sell-side parties – they make it clear that the rules will only apply to UK-established original lenders, originators, sponsors and/or SSPEs.
  
  
• Unauthorised entities acting as original lender, originator or SSPE of a securitisation within scope of the new Designated Activities Regime – the FCA has clarified that it will regulate not only authorised firms involved in securitisation but also unauthorised entities acting as original lender, originator, or SSPE of a securitisation.
  
  
• Individuals holding offices or positions involving responsibility for taking management decisions at firms involved in securitisation markets.
  
  
• Third party verifiers of STS securitisations.
  
  
• Securitisation Repositories.

Note that the draft FCA rules relating to due diligence, risk retention, asset selection and credit-granting do not apply to firms with a PRA authorisation (who will be subject to the PRA Rulebook – see above). However, other firm-facing requirements in the draft FCA rules (e.g. requirements relating to STS securitisations) will apply to FCA and PRA authorised firms.

The STS notification and disclosure templates are not being changed at the moment (though a second consultation will address these in due course). The consultation also does not consider any Level 3 material so, for the time being, the FCA's existing post-Brexit approach to EU non-legislative materials will continue to apply and firms should continue to have regard to such materials.

Among other things, the FCA rules will make the following changes from the current regime:

• Verifying disclosure: Articles 5(1)(e) and (f) of the UK Securitisation Regulation on verifying disclosure by UK and overseas sell-side manufacturers will be replaced by new, more streamlined rules under which there will be a single approach requiring UK institutional investors to verify; that a manufacturer has provided sufficient information to enable them to independently assess the risk of holding the securitisation position; that they have received at least the information prescribed by the rules; and that there is a commitment from the manufacturer to make further information available.
  
  
• Delegation of due diligence: the rules clarify that where a delegating party authorises a managing party to make investment management decisions that might expose it to a securitisation, provided that managing party is also an institutional investor the delegating party may also delegate the due diligence obligation to the managing party (note that this does not apply when delegating the investment decision to an OPS – here the responsibility remains with the delegating party.
  
  
• Non-performing exposure (NPE) securitisations and risk retention: under the current regime, the risk retention for an NPE securitisation is calculated as 5% of the face value of the NPE. Under the FCA's draft rules, firms would be able to use a "non-refundable purchase price discount" (NRPPD) for NPEs. The NRPPD typically applies in securitisations of NPEs where they are generally sold to the SSPE at a (sometimes heavy) discount to reflect the likelihood of recovery. This would mean that the retention requirement would be calculated on the basis of the net value of the defaulted portfolio on the date of the securitisation (factoring in the NRPPD) as opposed to the face value of the underlying assets, reducing the absolute risk retention requirements in relation to an NPE securitisation.
  
  
• Risk retention and insolvency of retainer: the UK Securitisation Regulation requires risk to be retained on an ongoing basis (there is a limited exemption). The rules would allow an additional exception in the case that the retainer has gone insolvent: here a change in the retainer and a transfer of the retained interest would be permitted.
  
  
• Sole purpose test: the rules will add some detail to the factors which must be considered when deciding whether an entity has been established for the "sole purpose" of securitising exposures (such entities are ineligible to act as a risk retainer).
  
  
• Cash collateralisation for synthetic/contingent form of retention: under the existing regime, retainers that fulfil risk retention requirements through a synthetic or contingent form (e.g. by using a guarantee or a credit default swap) must ensure that the interest is fully collateralised is cash and held on a segregated basis as clients' funds (as if it were client money). At the moment, only credit institutions are exempt from this obligation. Going forward, the FCA proposes to extend the scope of this cash collateralisation exemption to cover all CRR and Solvency II firms: this is in keeping with the PRA's own proposals on this point.
  
  
• Additional criteria on "cherry picking": under the existing regime, originators are prohibited from selecting assets to transfer to the SSPE such that the SSPE bears higher losses on those assets than on comparable assets that are retained on the originator's balance sheet (as measured over a period of up to 4 years). In other words, originators are not allowed to "cherry pick" assets. The FCA rules contain a proposed exemption (reflecting what recital 11 of the EU Securitisation Regulation says) broadly stating that the rules should not restrict the ability of originators or sponsors to select assets which as a whole have a higher risk profile (for instance, a non-performing corporate loan) compared to other asset classes on the balance sheet of the originator (for example, a corporate loan), provided that investors are clearly notified about the higher risk profile. The rules will specify what "comparable assets" mean and how such comparability should be assessed.

PRA discussion paper on securitisation capital requirements

On 31 October 2023, the PRA published DP3/23 – Securitisation capital requirements. Against the backdrop of the implementation of the new UK Securitisation Regime, the discussion paper prepares the ground for a consultation that PRA will launching in H2, 2024 on the capital requirements for CRR firms' securitisation exposures. This will involve the development of PRA rules to replace Part Three, Title II, Chapter 5 of the UK Capital Requirements Regulation, as 'onshored' into the UK. The PRA refers to this as the "securitisation chapter".

The discussion paper does not contain any draft rules, but raises a number of key issues in order to seek feedback from firms and inform the regulator's policy approach:

• The BCBS standards: the PRA considers that it would be appropriate to broadly align with the standards of the Basel Committee on Banking Supervision.
  
  
• The Basel 3.1 output floor: in CP 16/22: Implementation of the Basel 3.1 standards the PRA had, among other things, proposed to implement the Basel 3.1 output floor (broadly, a limit on the use of internal models which requires that capital can fall to no lower than (i.e. is "floored" at) 72.5% of standardised RWAs across all risk types). The PRA is currently considering policy options in this regard. One would be to implement the Basel 3.1 output floor without any adjustment to the Pillar 1 framework for determining capital requirements for securitisation exposures. Another would involve a targeted and evidence-based adjustment to that framework.
  
  
• The hierarchy of methods for determining securitisation capital requirements: in the discussion paper, the PRA looks at ways of highlighting the hierarchy currently set out in the "Securitisation Chapter" with the Basel standards.
  
  
• The scope of the UK framework for simple, transparency and standardised (STS) transactions: the PRA sets out its policy considerations that generally favour maintaining the existing framework, which is aligned with the Basel standards.

The discussion paper closes for comments on 31 January 2024. As mentioned above, feedback will be used to inform the PRA's consultation, expected in H2 2024.

The European Commission proposed, in July 2021, a package of AML and CFT legislative proposals with three key pieces of draft legislation:

• Regulation establishing the Authority for Anti-Money Laundering and Countering the Financing of Terrorism (AMLA Regulation) and Annexes which establish the EU Authority for Anti-Money Laundering and Countering the Financing of Terrorism (AMLA).  This will be the EU central authority for anti-money laundering and countering the financing of terrorism whose functions will include developing guidelines and technical standards; directly supervising the riskiest cross-border financial institutions; and monitoring and coordinating national supervisors.
  
  
• Anti-Money Laundering Regulation which is largely based on the Fourth Money Laundering Directive and imposes directly effective rules to ensure harmonisation across the EU.  These include rules on customer due diligence and beneficial ownership; policies, controls and procedures requirements; and rules on reporting suspicious transactions.
  
  
• Sixth Money Laundering Directive which replaces the previous Money Laundering Directives (although most of the provisions directly applicable to firms will now be in the Anti-Money Laundering Regulation).

We discussed these pieces of legislation in more detail in last year's New Year Briefing.  Since then the proposals have been delayed and, as of the date of publication, none of the pieces of legislation had been finalised.  However, provisional agreement was reached on the AMLA Regulation in December 2023 with the location for the establishment of AMLA to be agreed in 2024.  It is also possible that the Anti-Money Laundering Regulation and the Sixth Money Laundering Directive will be finalised in 2024 – if this is the case then they would start to apply at some point during 2027.

Introduction

The Economic Crime and Corporate Transparency Act 2023 (ECCTA) which was passed on 26 October 2023 introduced a number of new requirements for corporate entities and for registered limited partnerships.  The new corporate requirements include requirements for additional information to be provided to Companies House, restrictions on company names, requirements around registered addresses and requirements to verify the identity of directors, persons with significant control and persons delivering documents to Companies House.  The new requirements for registered limited partnerships include requirements to provide certain information on limited partners to Companies House, a requirement to have an "appropriate address" for the registered office and a new power for HMRC to require the limited partnership to provide audited limited partnership accounts.  Many of these changes are discussed in our briefing: Getting tough on corporate abuse: the Economic Crime and Corporate Transparency Act passes into law | Travers Smith.

In addition, ECCTA includes changes to money laundering legislation, the attribution of criminal liability to bodies corporate or partnerships and a new failure to prevent fraud offence.

Changes to money laundering legislation

ECCTA includes a new exemption under the Proceeds of Crime Act 2000 (POCA) where a person in the regulated sector (which includes authorised firms) pays out criminal property of less than £1,000 as part of terminating the business relationship with a client.  In order to rely on the exemption, the person must have complied with customer due diligence requirements under the Money Laundering Regulations 2017.  This exemption provides a defence to the offences of (i) concealing, disguising, converting, transferring and removing criminal property; (ii) entering into an arrangement in respect of criminal property; and (iii) acquiring, using and possessing criminal property.  This provision came into force on 26 October 2023.

In addition, there is another new exemption under POCA where a person in the regulated sector holds an account for a client where some but not all of the monies are suspected to be criminal property.  The person may pay monies out of that account provided that an amount at least equal to the value of the monies suspected to be criminal property remains in the account.  This exemption provides a defence to the same offences as above i.e. (i) concealing, disguising, converting, transferring and removing criminal property; (ii) entering into an arrangement in respect of criminal property; and (iii) acquiring, using and possessing criminal property.  This provision comes into force on 15 January 2024.

There is also a new defence to the offence of failing to disclose under POCA where the relevant information was obtained as a result of certain immigration checks.  This provision came into force on 26 October 2023.

Finally, persons in the regulated sector who make certain permitted disclosures will be protected from action for breach of confidence or certain civil liability.  This (broadly) applies where the disclosure is in respect of a customer or former customer and is made to another person in the regulated sector where this is requested (broadly) for the purposes of customer due diligence or detecting/preventing economic crime or is required in order to carry out "safeguarding actions" such as terminating a business relationship.  This provision comes into force on 15 January 2024.

Attribution of criminal liability

ECCTA sets out new circumstances under which criminal liability is attributed to bodies corporate and partnerships.  Where a senior manager of a body corporate or partnership, acting within the scope of their authority (actual or apparent), commits a specified offence then the body corporate or partnership will also be guilty of the offence.

This applies to both UK and non-UK entities with senior manager broadly meaning an individual who plays a significant role in the decision-making or activities of the entity.

The specified offences include a number of financial services related offences such as contravention of the general prohibition, contravention of the financial promotion restrictions, dealing in transferable securities without a prospectus, misleading the FCA or PRA, various POCA offences, and the offences relating to misleading statements and impressions under the Financial Services Act 2012.

This offence came into effect on 26 December 2023. However, the proposed Criminal Justice Bill which was introduced on 14 November 2023, proposes to replace the attribution of criminal liability offence in ECCTA with a broader offence which is not just limited to economic crime offences.  This would potentially make a corporate body or partnership criminally liable for any offence (not just a specified economic crime offence) committed by a senior manager while acting within the scope of their actual or apparent authority.  In order for the offence to be committed, at least some of the conduct would need to be in the UK.

Failure to prevent fraud offence

ECCTA also includes a new failure to prevent fraud offence.  "Large organisations" would be guilty of an offence if (broadly):

(i) a fraud offence is committed by an "associate" – which includes an employee, agent, subsidiary or person providing services on its behalf;

(ii) the offence is committed for the benefit of the organisation or a person to whom it provides services;  and

(iii) the organisation did not have reasonable fraud prevention procedures in place.

In certain cases, liability can also attach to the parent undertaking.

Large organisations are defined as those satisfying two or more of the following: turnover over £36 million; balance sheet of more than £18 million; and/or over 250 employees. These include UK and non-UK bodies corporate or partnerships.  Where an undertaking is in a group which meets the above thresholds then it may also be in scope in certain cases.

The list of relevant offences includes various economic crime offences such as false accounting and false statements but not, as originally feared, the money laundering offences.  However, ECCTA provides that additional offences may be added to the list in the future including certain money laundering offences under POCA.

This offence is not yet in force and will not become effective until the government has published guidance on reasonable fraud prevention procedures.

We also discussed this new offence in more detail in our briefing: Getting tough on corporate abuse: the Economic Crime and Corporate Transparency Act passes into law | Travers Smith.

On 10 January 2024, The Money Laundering and Terrorist Financing (Amendment) Regulations 2023, came into force.  Under FSMA 2023, HM Treasury was obliged to distinguish between domestic and non-domestic politically exposed persons (PEPs) and has therefore introduced an amendment to the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017. 

As a result of the amendment, the "starting point" for obliged persons is that a customer or potential customer that is a domestic PEP (and any of its family members or known close associates) presents a lower level of risk than a non-domestic PEP and, if no enhanced risk factors are present, the extent of enhanced customer due diligence measures to be applied in relation to such a customer/potential customer is less than the extent to be applied in the case of a non-domestic PEP. Domestic PEPs for these purposes means PEPs entrusted with prominent public functions by the UK.

The FCA has also launched a review of the treatment of domestic PEPs which is due to report by the end of June 2024.