To help you keep abreast of recent developments, the Kemp Little FS team have set out below some of the key new and forthcoming regulatory changes relevant to financial services firms.  Please get in touch if you would like to discuss the implications of any of these for your business.

1. New Money Laundering Directive in force from 26 June 2017

The Fourth Money Laundering Directive ( “4MLD”) was published in 2015 and all EU member states had until 26 June 2017 to introduce implementing legislation. Notwithstanding this advance notice, HM Treasury only published the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (“MLR2017”) on 22 June 2017, with an implementation date of 26 June 2017.

The MLR2017 introduce a number of new provisions including:

• Requirements on certain businesses to produce a written assessment of money laundering risk;
• Requiring firms to establish processes to determine when enhanced/standard/simplified due diligence will be undertaken;
• New procedures around beneficial ownership;
• Extending the definition of politically exposed persons (“PEPs”) to include domestic PEPs. Previously PEPs only included individuals entrusted with a ‘prominent public function’ outside the UK; and
• New criminal sanctions (there are new criminal offences of prejudicing an investigation into a breach of MLR2017, and making false or misleading statements in purported compliance with a requirement imposed under MLR2017.

MLR 2017 will therefore impose greater compliance burdens on regulated entities and their employees. All firms need to thoroughly review their existing systems and controls to ensure that they are compliant, and will need to ensure that all staff are fully trained on the new rules and the importance of ensuring compliance.

For more detailed or specific advice on how best to ensure that your business is compliant with the new regulations, please contact Chris Boylan.

2. Senior Managers and Certification Regime

The Regulators have recently published a number of papers in relation to the SMCR regime including:

Guidance on the “duty of responsibility” under the SMCR – in force from 3 May 2017

The duty of responsibility imposes a requirement on senior managers to take reasonable steps to avoid regulatory breaches in their business areas.  The FCA’s guidance on the duty of responsibility, as set out in FCA PS17/9, and which will apply from 3 May 2017,  is similar, though not identical, to the guidance on the senior manager conduct rules.  The guidance gives a reasonably concise summary of how the FCA expects senior managers to run their businesses, including dealing with possible breaches in a timely way, overseeing delegated responsibilities properly, and assessing and monitoring their area’s governance, operational and risk management arrangements.

A point to highlight is that the FCA will consider whether a senior manager took reasonable steps to ensure an orderly transition when they were replaced in the performance of their function by someone else. The FCA previously applied the obligation to the firm or line manager rather than the mover/leaver themselves, and senior managers may find it difficult to comply if they are leaving their employer in a less than amicable context. However, this risk can be mitigated provided senior managers maintain a detailed governance and management framework as routine good practice, as this can form the basis of any handover document.

The PRA also issued a policy statement on 12 May 2017 dealing with optimisations to the SMCR and SIMR (PS12/17), with revised guidance regarding its expectations on the duty of responsibility.

Extension of Conduct Rules to Non-Executive Directors in Banking and Insurance sectors – in force from 3 July 2017

As set out in FCA PS17/8, with effect from 3 July, the FCA Conduct Rules will apply to standard non-executive directors (NEDs) in banks, building societies, credit unions, and dual regulated firms. This rule chance addresses the lacuna that was created when the regime was first introduced in 2016, and which meant that unlike Senior Managers, Certified Staff and other Conduct Rules staff, Standard NEDS were not obliged to comply with the Conduct Rules. The FCA recognises that it would not be appropriate to hold NEDS to all of the more onerous Senior Manager Conduct Rules, and so standard NEDS are now subject to the five individual Conduct Rules and Senior Manager Conduct Rule 4, which requires individuals to disclose appropriately “any information of which the FCA or PRA would reasonably expect notice”.

Firms therefore need to ensure that their NEDs receive appropriate training on their obligations under the Conduct Rules, and that any breaches of the Conduct Rules by NEDs, resulting in any form of disciplinary action, are captured in the annual report of Conduct Rules breaches, which needs to be made by the end of October 2017.

New rules on whistleblowing in UK branches of foreign banks – in force from 7 September 2017

As set out in FCA PS17/7 of 3 May, from September this year, UK branches of overseas banks will be required to inform their staff about the PRA and FCA whistleblowing services and how to access them.  They will also be required to inform staff that they are legally entitled to approach regulators directly whether or not they have raised a concern internally.

In addition, where a UK branch has a group company in the UK subject to the broader FCA/PRA whistleblowing obligations, the staff of the UK branch must be given access to their whistleblowing channels and told about this.

Affected firms will therefore need to ensure that they review and amend any internal policies, and that they make clear to staff the options available to them for raising concerns.

3. PSD II – in force in January 2018

The second Payment Services Directive (PSDII) is due to be implemented into UK law on 13 January 2018, through the Payment Services Regulations 2017. PSD2 brings into scope two types of activity that are currently not regulated. From January, entities that provide account information services and/or payment initiation services will need to be registered or authorised with the FCA. If an entity provides online services that collect information on their customer’s payment account, such as transaction data, then that entity may be an Account Information Services Provider (“AISP”). Similarly, entities that allow a customer to initiate payments from their bank accounts through them may be Payment Initiation Service Providers (“PISPs”).

The timing here could be tricky, however, and businesses that may fall within the category of AISP or PISP would do well to consider their options sooner rather than later. The FCA has said it will not have applications for AISPs and PISPs available until October 2017, leaving just three short months for such entities to obtain the necessary authorisations – and if they do not manage to do this in time, they will need to cease operating those aspects of their services until they can become authorised. This is further complicated by the absence of definitive finalised guidance on what these applications will need to contain. Businesses that find themselves in this situation should start thinking now about the best way to navigate the situation. We are of course very happy to help – please get in touch if you are considering how best to comply.

• Share this blog

• Twitter
• Facebook
• Linkedin