On 18 October 2024, the European Securities and Markets Authority (ESMA) issued a survey addressed to financial market participants subject to one or multiple reporting regimes concerning legal entities identifiers (LEIs). The purpose of the survey is to collect feedback on the potential impacts of adding other alternatives to LEIs in future reporting or record keeping regimes, or in the review of the existing reporting requirement. The deadline for responding to the survey is 12 November 2024.

On 18 October 2024, the Prudential Regulation Authority (PRA) issued Consultation Paper 14/24 – Large Exposures Framework (CP14/24). CP14/24 is relevant to PRA-authorised UK banks, building societies, PRA-designated investment firms, PRA-approved holding companies, PRA-designated holding companies and other Capital Requirements Regulation (CRR) consolidation entities. Background The large exposures framework in the UK consisted of requirements set out in Part Four of the CRR. The Financial Services Act 2021 removed these requirements and empowered the PRA to apply large exposures standards in PRA rules. These rules were transferred into the Large Exposures (CRR) Part of the PRA Rulebook in January 2022. Some rules were amended to implement the Basel large exposures standards as set out in PRA Policy Statement 22/21 – Implementation of Basel standards: Final rules. The remainder of the rules were transferred without material modifications. Consultation In CP14/24 the PRA sets out proposals to implement the remaining Basel large exposures standards. Such proposals include: Removing the possibility for firms to use internal model (IM) methods to calculate exposure values to securities financing transactions (SFTs). Introducing a mandatory substitution approach to calculate the effect of the use of credit risk mitigation (CRM) techniques. The PRA also proposes to amend the large exposures framework by: Removing the option for firms to exceed LE limits for trading book exposures to third parties. Allowing firms to exceed LE limits for trading book exposures to intragroup entities and simplifying the calculation of the additional capital requirements. Allowing firms to apply for higher LE limits to exposures to intragroup entities and amend the conditions firms need to meet to mitigate the higher concentration risk. Removing the exemption from LE limits to firms’ exposures to the UK deposit guarantee scheme. Removing the option for firms to use immovable property as CRM. Remove the stricter requirements on exposures to certain French counterparties. Also, the PRA sets out proposals to merge the Large Exposures (CRR) and the Large Exposures Parts of the PRA Rulebook to improve accessibility. The PRA also proposes to update Supervisory Statement 16/13 – ‘Large Exposures’ to amend the PRA’s expectations in light of the proposed changes set out in CP14/24. Next steps The deadline for comments on CP14/24 is 17 January 2025. The PRA states that: The implementation date for the changes resulting from the proposals would, except for the proposal on SFTs, take effect shortly after publication of the final Policy Statement. As a result of the changes to rules 2.1 and 2.2 of the Large Exposures Part of the PRA Rulebook, any modifications granted in respect of these rules will no longer be effective. The PRA recognises that this may not leave sufficient time for affected firms to apply for a higher non-core large exposures group (NCLEG) permission. The PRA proposes therefore that affected firms be offered a modification by consent to maintain the current position until March 2026. The PRA considers that this will allow affected firms sufficient time to apply for the higher NCLEG permission. NCLEG non-trading book and trading book permissions that were granted by the PRA prior to the effective implementation date would remain in place. Firms would no longer be required to allocate the trading book exposures they have to their NCLEG in ascending order of specific-risk requirements. The proposal to remove the possibility for firms to use IM methods to calculate exposure values to SFTs would take effect on 1 January 2026.

On 17 October 2024, the Prudential Regulation Authority (PRA) and Financial Conduct Authority (FCA) published speeches on growth. The PRA published a speech by Sam Woods (Deputy Governor for Prudential Regulation, Bank of England and Chief Executive Officer of the PRA) entitled Competing for growth. In his speech Mr Woods explains how the PRA is supporting the UK’s economic growth and international competitiveness, while maintaining financial stability. The FCA published a speech by Nikhil Rathi (FCA Chief Executive) entitled Growth: mission possible. In his speech Mr Rathi discusses the FCA’s secondary growth objective and that the regulator is having a more candid conversation about its collective risk appetite. He also notes that the FCA is seeking answers about what more it can do to support capital formation, productivity gains and financial services exports.

On 17 October 2024, HM Treasury (HMT) issued a consultation paper which sets out the government’s approach to regulating buy now pay later (BNPL) in more detail. It also responds to the feedback that HMT received to its previous consultation that ran between February 2023 and April 2023. There has also been published a draft statutory instrument (SI), The Financial Services and Markets Act 2000 (Regulated Activities etc.) (Amendment) Order 2025. Policy In chapter 2 of the consultation paper HMT asks for feedback on draft legislation that will deliver on the government’s policy. The chapter sets out the government’s position on: Scope: the government is capturing third-party lenders offering deferred payment credit (DPC) agreements but to ensure consumers have continued access to useful and low-cost forms of credit, agreements such as those facilitated by employers or registered social landlords will remain outside regulation. Disclosure requirements: the government does not intend to apply disclosure requirements in the Consumer Credit Act 1974 (CCA) to newly regulated agreements. The FCA will be able to use its rulemaking powers to develop an appropriate disclosure regime in line with the Consumer Duty that will maximise consumer understanding. Other regulatory controls: the government intends to ensure that financial promotions communicated by unauthorised merchants who offer third party lender BNPL agreements will need to be approved by an authorised person and that credit broking activities that relate to BNPL agreements will be excluded from regulation unless the activity is carried out in the home of a customer. Temporary Permissions Regime (TPR): recognising the need to act urgently, the government intends to legislate for a TPR to ensure BNPL products are brought into regulation as soon as possible. A TPR allows unauthorised firms to continue to operate their BNPL lending until their application for full authorisation has been processed. In chapter 3 HMT discusses the regulatory and non-legislative controls that, though not covered in the draft SI, are expected to apply to BNPL agreements once regulated. This includes Financial Ombudsman Service protection and the ability for the FCA to make rules, including on appropriate creditworthiness and affordability assessments. Next steps The deadline for comments on the consultation is 29 November 2024. Once the consultation is closed the government will consider the feedback received. It will look to lay the necessary SI as soon as Parliamentary time allows. The SI will set a ‘Regulation Day’, at which point BNPL products will become regulated. In the draft SI, the ‘Regulation Day’ is 12 months from the SI being made. In the intervening period, the FCA will consult upon and finalise new rules to apply from ‘Regulation Day’. During this period, there will also be a window for firms to register for the TPR.

On 17 October 2024, the G7 Cyber Expert Group (G7 CEG) issued a public statement (dated 25 September 2024) highlighting the potential cybersecurity risks associated with developments in quantum computing and recommending steps for financial authorities and institutions to take to address those risks. The statement notes that an initial set of quantum-resilient encryption standards was released by the National Institute of Standards and Technology (NIST) last month. Additional standards from NIST and other standard-setting bodies are expected in the future. The G7 CEG strongly encourages financial authorities and institutions to start taking steps to build resilience against quantum computing risks these include: Developing a better understanding of the issue, the risks involved, and strategies for mitigating those risks. Financial entities may consider outreach to vendors, third parties, and other subject matter experts to better understand the risks of quantum computing and potential technology solutions, with a particular focus on cryptographic risks. Issues they may want to focus on include the timelines for quantum technology development, the evolution of the threat landscape, and existing and emerging quantum resilience technologies and approaches. Financial entities should consider processes to track developments in these areas as they change over time. Assessing quantum computing risks in their areas of responsibility. Financial entities should develop a sound understanding of quantum computing risks to their particular areas of responsibility, whether that is an individual company or a jurisdiction. The intention is to identify the level of effort the entity should dedicate toward the issue and the specific area(s) where it should focus. Developing a plan for mitigating quantum computing risks. Financial entities should consider establishing governance processes, identifying key stakeholders and their roles and responsibilities, and establishing milestones for key actions based on the anticipated deployment of a cryptographically relevant quantum computer.

On 17 October 2024, the Financial Conduct Authority (FCA) published a speech on “Ten years of FCA innovation: impact and opportunity” which was delivered by its chief data, information and intelligence officer, Jessica Rusu, at an FCA Innovation 10th anniversary event. FCA innovation over the past 10 years The speech notes that 10 years ago, the FCA became the first financial regulator in the world to launch a regulatory sandbox, and that since then it has supported almost 1,000 firms and over 95 other regulators have introduced a sandbox model. Ms Rusu outlines the FCA’s innovation initiatives to date and gives examples of their successes, highlighting the key role played by the “strong partnership between industry and regulator”. She explains that as part of its 10th anniversary celebrations, the FCA has published a Lookback Report which includes detail on the depth and breadth of its services and the support it has provided to firms across the financial services landscape over the past decade. Future of AI in financial services The remainder of the speech considers future innovation in financial services, the most transformative of which is artificial intelligence (AI). Ms Rusu confirms that AI is a priority for the FCA, noting that as a regulator it must play a critical role in ensuring AI is deployed in a way that is safe, fair and in the best interests of consumers and the market as a whole. Launch of the AI Lab As part of the FCA’s ongoing commitment to innovation, the FCA is launching an AI Lab, which is the next step in its mission to help firms overcome challenges they face in building and implementing AI solutions, as well as supporting the Government’s work on safe and responsible AI development. Ms Rusu explains that the FCA is also exploring closer collaboration with the Digital Regulation Cooperation Forum on this initiative, as a natural evolution in their work together after having collaborated on the AI & Digital Hub. The AI Lab is intended to play a critical role by providing AI-related insights, discussions, and case studies, helping the FCA to deepen its understanding of potential AI risks and opportunities in a collaborative environment, where regulators and industry can “engage candidly and openly”. The AI Lab will be made up of 4 components: AI Spotlight, which will provide a space for firms and innovators to share real-world examples of how they are leveraging AI, and to share emerging AI solutions that will lead to industry growth. Projects accepted to the AI Spotlight will be featured on a dedicated Digital Spotlight webpage and will also take part in a Showcase Day at the FCA London office on 28 January 2025. AI Sprint, which aims to bring together the brightest minds in industry, academia, regulation, technology and consumer representatives, to focus on how to enable the safe adoption of AI in financial services. The inaugural AI Sprint will take place in January 2025. AI Input Zone, where the FCA will invite all stakeholders to have their say on the future of AI in UK financial services, including its regulatory approach, through an online feedback platform. The platform will open in November 2024. Supercharged Sandbox: Looking ahead, the FCA plans to run AI-focused TechSprints and enhance its Digital Sandbox infrastructure through greater computing power, enriched datasets and increased AI testing capabilities.

In our latest podcast, our global Financial Services team covers recent regulatory and enforcement developments in the UK, US, Australia and Dubai in relation to off-channel messaging, as well as practical steps that global firms can be taking now in this area to manage their risk. Listen to the episode here. This is a two-part podcast series and in the second part of the series to follow, we will discuss promotional messages on social media platforms.

On 16 October 2024, the European Securities and Markets Authority (ESMA) issued an Opinion responding to the European Commission’s (Commission) proposal to amend the two draft regulatory technical standards (RTS) under the Markets in Crypto Assets Regulation (MiCAR) which specify the information to be included in: A notification by certain financial entities of their intention to provide crypto-asset services. An application for authorisation as crypto-asset service provider. On 25 March 2024, ESMA published its first final report on draft technical standards specifying certain requirements of MiCAR (including the draft RTS on notifications and the draft RTS on authorisations) and submitted it to the Commission for adoption. On 3 September 2024, ESMA received two letters from the Commission informing ESMA that it intended to adopt the two proposed RTS with amendments, which were included in an Annex to the letters, and invited ESMA to submit new draft RTS to the Commission reflecting these amendments. The Opinion now published sets out ESMA’s view on how the draft RTS should be amended in light of the approach set out by the Commission. ESMA notes the legal interpretation by the Commission limiting the mandates to ESMA in Articles 60(13) and 62(5) of MiCAR. However, ESMA also reiterates the importance of the policy objectives pursued by its initial proposal to require a cybersecurity audit realised by a third-party cybersecurity auditor. To ensure that crypto-asset service providers are subject to a thorough screening process, including in relation to their ICT systems, prior to their entering into the crypto-asset market, ESMA recommends that the Commission amends MiCAR’s level 1 text to include such a requirement for a cybersecurity audit realised by a third-party auditor at the time of the authorisation. Next steps The Opinion has been communicated by ESMA to the Commission, the European Parliament and the European Council. The Commission may adopt the two draft RTS with the amendments it considers relevant or reject it. The European Parliament and the Council may object to an RTS adopted by the EC within a period of three months.

On 16 October 2024, the European Securities and Markets Authority (ESMA) published updates to its: Q&As on transparency and market structure issues. Manual on post-trade transparency. Opinion on the assessment of pre-trade waivers considering MiFIR Review transitional provisions. The updates follow ESMA’s statement in March on the transition for the application of the MiFID II / MiFIR Review, to reflect the changes introduced.

On 17 October 2024, the Financial Stability Board (FSB) issued a consultation on a Format for Incident Reporting Exchange (FIRE). FIRE is a common format for financial firms’ reporting of operational incidents, including cyber incidents. It provides a set of common information items for reporting incidents but does not define common reporting triggers, deadlines or mitigation approaches. The consultation package consists of (i) a ‘human-readable’ format, (ii) a structured data model of FIRE using the reporting-language-agnostic Data Point Model method, and (iii) a taxonomy in eXtensible Business Reporting Language (XBRL) as a sample machine-readable version of FIRE. Next steps The deadline for comments on the consultation is 19 December 2024. The FIRE project is expected to be finalised around mid-2025, reflecting feedback from the public consultation and outcomes from the testing phase. The FSB will hold a workshop with industry and authorities in 2027 (around two years after FIRE is finalised) to take stock of their experiences with FIRE, including any implementation challenges. This will inform the need for any revisions to FIRE, as well as provide insight into FIRE’s overall success ahead of determining the long-term maintenance of FIRE outside of the FSB.

The resolution of two sanctions-related investigations over the last month by both the Financial Conduct Authority (FCA) and the Office of Financial Sanctions Implementation (OFSI) could signal the start of the anticipated increase in UK enforcement in respect of failings relating to financial sanctions systems and controls (in the case of the regulated sector) and breaches of the Russia (Sanctions) (EU) Regulations 2019 (the Russia Regulations).  While there is a substantial contrast between the FCA’s £29 million fine and OFSI’s £15,000 penalty, both enforcement actions demonstrate the UK’s commitment to pursue compliance failings and breaches of financial sanctions when they occur. In relation to the FCA fine of £29 million imposed on a digital ‘challenger bank’ for financial crime systems and controls failures, the Final Notice states that the FCA identified “serious concerns” with the bank’s anti-money laundering (AML) and financial sanctions framework.  As a result, the bank agreed to commence an AML Enhancement Plan and entered into a voluntary requirement (VREQ), agreeing not to open new accounts for high-risk customers while it improved its AML control framework.  However, in breach of the VREQ, the bank opened over 54,000 accounts for 49,000 high-risk customers between September 2021 and November 2023.  This included 294 customers that had previously been exited for financial crime reasons, of which 161 had previously been subject to suspicious activity reports. The FCA also found: (i) systematic failures in the bank’s assessment of financial sanctions risk; (ii) inadequate policies and procedures relating to sanctions screening; and (iii) no formal mechanism for testing the configuration of its financial sanctions screening systems.  Consequently, customers were only screened against individuals on the Consolidated List with UK citizenship or UK residency.  This created a material risk, as Designated Persons were able to open accounts or continue to maintain accounts.  According to the FCA, the bank’s “financial sanction screening controls were shockingly lax. It left the financial system wide open to criminals and those subject to sanctions”. The case highlights the importance of having a strong financial sanctions framework in place, in addition to AML controls, which has been more of the focus of the FCA and enforcement in recent years. In relation to the OFSI penalty of £15,000 imposed on a London-based concierge company,  the breaches of the Russia Regulations concerned providing services to a sanctioned individual.  The conduct involved 26 payments totalling just under £15,500 which were made or received by the company between 2022 and 2023 in connection with property management services provided to a person designated as a target of an asset freeze under the Russia Regulations. The company also breached reporting requirements by failing to report payments to water and utilities companies.  OFSI considered this, and the cumulative total and the repeated nature of the payments, to be aggravating factors when considering the extent of the penalty to be imposed. Key takeaways Failure to disclose breaches – the FCA are increasingly using VREQs and ‘own-initiative requirement’ powers (OIREQs) to impose a wide range of requirements.  It is imperative that a firm complies with such requirements until they are varied or cancelled.  A key failing was that the bank did not have a formal monitoring programme and the FCA noted its “disappointment” that the bank did not immediately report the initial VREQ breaches.  For more on this topic, please see our article here. Skills, knowledge and experience – In respect of the OFSI penalty, the company was unaware of its sanctions obligations and its knowledge of sanctions risk was, by its own admission, extremely limited.  OFSI highlighted the importance for firms to understand their exposure to sanctions risk, educate themselves on the risks, take appropriate action to address it and seek professional advice where necessary.Similarly, the FCA considered the lack of AML skills and experience of the bank’s senior management to be a key contributing factor to the VREQ breach.  According to the FCA, the senior management team was inexperienced when dealing with significant regulatory changes and lacked awareness of the impact of VREQs. Pace of investigations – Therese Chambers, Joint Executive Director of Enforcement and Market Oversight at the FCA, recently delivered a speech in respect of the FCA’sfocus on the pace of its enforcement investigations.  This renewed focus was seemingly demonstrated as it took 14 months to achieve an outcome, compared to an average of 42 months for cases in the previous reporting period.

On 17 October 2024, the European Commission (Commission) announced that the Expert Group set up under the Regulation governing rules about markets in financial instruments (DEG) had published reports on the main parameters of EU consolidated tapes. The DEG was tasked with providing advice to the Commission and the European Securities and Markets Authority (ESMA) on (i) the quality and the substance of market data and the quality of the transmission protocols for the purpose of the operation of the consolidated tapes, and (ii) the calibration of non-equity post-trade publication deferrals. The DEG’s reports outline certain recommendations with the aim of making the consolidated tapes a success for the EU and these recommendations will feed into the work of ESMA and the Commission on the MiFIR implementing measures. The DEG’s core findings include that on the calibration of post-trade publication deferral schedules for bonds, the Commission and ESMA should: Reconsider the current grouping proposals using additional factors (such as currency, issuer country, sub-asset classification and duration) to allow sufficient granularity. Use the current amount outstanding (“total issued nominal amount” in the Financial Instruments Reference Data System (FIRDS) records to determine the issuance size thresholds, relevant for assessing the liquidity – rather than the original issuance amount and that field 14 of Commission Delegated Regulation (EU) 2017/585 should be renamed “current notional amount outstanding” to clarify the requirement. Adopt an Average Daily Volume (ADV) / absorption time approach to re-assess appropriateness of the trade size buckets (and potentially exclude transactions of less than €100,000) with regards to price dissemination, while considering that ADV should not be used to allow such generous deferrals that a liquidity-provider or market-maker is able to trade out of a position “risk-free”. Distinguish between investment grade and high yield for corporate bonds. Review the proposed treatment of Structured Finance Products, based on the general lack of liquidity in this market segment. On the calibration of post-trade publication deferral schedules for over-the-counter derivatives, the DEG recommends that: For each index and tenor combination of fixed versus floating single currency standard interest rate swaps: Where there are greater than X trades per day – reporting should be real-time where the size is below a certain threshold and deferred to end of the day (EOD) where the size is greater than that threshold. Where there are less than X trades per day – reporting should be deferred to EOD where the size is below the threshold and deferred to T+1 where the size is greater than the threshold. X should be set by ESMA at a number between 4 and 15 trades per day depending on the ESMA’s view on sufficient liquidity, while the threshold should be determined with reference to the 67th percentile for standard swaps. There should be a cap applied at the 90th percentile – in that case, the full size should be published only after 3 months. For each Index and tenor combination of fixed versus floating single currency non-standard interest rate swaps: Reporting should be EOD where the size is below a certain threshold, and Reporting should be deferred to T+2 where the size is greater than that threshold; The non-standard threshold should be set at the 50th percentile.

Information sharing by regulated firms On 4 October 2024, the Department for Business & Trade published guidance (the Guidance) on the information sharing measures in the Economic Crime and Corporate Transparency Act 2023 (ECCTA). The purpose of the Guidance is to support firms operating in the “regulated sector” within Schedule 9 of the Proceeds of Crime Act 2002 (POCA), to utilise the new information sharing provisions introduced by sections 188 to 193 of ECCTA (which came into force on 15 January 2024, via the Economic Crime and Corporate Transparency Act 2023 (Commencement No. 1) Regulations 2023). The government recognised that prior to ECCTA, firms operating in the regulated sector that sought to share customer information on economic crime were concerned that in doing so they might be liable for possible breaches of confidentiality. ECCTA introduces two routes for information sharing – direct sharing of information with another firm in the regulated sector (section 188) and indirect sharing of information via a third-party intermediary (section 189). Direct information sharing – to ensure that information is shared in as many cases as possible, section 188 of ECCTA disapplies civil liability for regulated firms, who are already identified as having specialist economic crime responsibilities, when they directly share customer information for the purpose of preventing, detecting and investigating economic crime. To benefit from the ECCTA protections a firm in the regulated sector (A) sharing information with another firm (B) must satisfy one of the following two conditions:i) B has explicitly requested information from A (the ‘request condition’); or ii) A has decided, or would have decided if a customer remained onboarded, to take safeguarding action against the customer (i.e. terminating a business relationship with the customer, refusing the customer a product or service, or restricting the customer’s access to elements of a product or service made available to other customers) (the ‘warning condition’). Indirect information sharing – section 189 also allows for indirect sharing of customer information through a third-party intermediary between businesses in the financial sector (deposit taking bodies, electronic money institutions and payment institutions), crypto asset exchanges and custodian wallet providers, large law firms, large accountancy firms, large insolvency practitioners, large auditors, and large tax advisers. Paragraph 47 of the Guidance states that when relying on the information-sharing provisions in ECCTA, firms need to be mindful of their obligations to report knowledge or suspicion of money laundering and/or terrorist financing to the National Crime Agency (NCA) through Suspicious Activity Reports (SARs) under POCA: Where regulated firms choose to share customer information after submitting a SAR, they will need to make sure that they do not indicate this to the receiving organisation. However, firms are advised to share information on submitting SARs when they are undertaking a joint disclosure report, often referred to as a ‘Super SAR’ (as set out in section 339ZB of POCA and section 21CA of the Terrorism Act 2000). Where firms do share information under the Super SAR measures to produce a joint disclosure report, the report must contain declaration of approval by the nominated officers of those entities that agree to be part of the joint disclosure report (with nominated officer name and contact details). When disclosing information, firms should also consider their broader obligations under POCA, for example in relation to tipping off and the offence of prejudicing investigations, as this may influence how (and whether) they decide to share information as a practical matter. Paragraphs 53-56 of the Guidance, provide some further insight on the UK GDPR compliance angle, stating that: In most cases, customer information will contain personal identifiable data, which will need to be treated with significant care. Any customer information being shared must meet the warning and request conditions in ECCTA (referred to above) and adhere to the UK GDPR, which requires that information collected for a specified purpose is not processed for other purposes. Under the UK GDPR, an organisation can use personal information for a new purpose, only if that purpose is compatible with the original specified purpose or in other limited circumstances. If a regulated firm were to share data for commercial purposes and not in line with these considerations, it could be subject to enforcement action by the Information Commissioners Office. The information-sharing measures are voluntary, and it remains to be seen to what extent they will be used, particularly given the potential data protection complexities. Information-sharing powers for authorities Companies House Under section 94 of ECCTA, Companies House is empowered to proactively disclose information to certain persons or bodies (e.g. government bodies, law enforcement bodies and insolvency practitioners) for purposes connected with the exercise of its functions, provided it does so within the confines of existing data protection legislation and obtains HMRC authorisation where relevant. The draft Information Sharing (Disclosure by the Registrar) Regulations 2024 provide a mechanism for when Companies House can share targeted information with insolvency practitioners and those involved in insolvency proceedings.  The Serious Fraud office (SFO) Section 211 of ECCTA has also reformed and extended the SFO’s pre-investigative powers under Section 2A of the Criminal Justice Act 1987. The former Section 2A powers permitted the SFO to compel individuals and companies to provide information at a pre-investigation phase in suspected cases of international bribery and corruption where there were “reasonable grounds to suspect” that a crime had taken place. ECCTA has now extended this to all potential SFO cases so that these powers may be used in cases such as suspected fraud or domestic bribery or corruption, which were previously excluded. In particular, under Section 3(5) of the Criminal Justice Act 1987, the SFO has an existing power to share information it obtains using its compulsory powers with other agencies and can therefore share information it has obtained under its newly extended section 2A powers even if the receiving agencies do not possess equivalent pre-investigative powers. Our assumption is that these powers could be used in conjunction with any enforcement or investigations in relation to the Failure to Prevent Fraud offence under ECCTA.

There are two methods which allow the marketing of alternative investment funds (AIFs) in the EU by alternative investment fund managers (AIFMs). The first method is a marketing “passport” which has been introduced by the Alternative Investment Fund Managers Directive (AIFMD) to allow AIFs to be marketed to professional investors across the EU subject to certain conditions being met. The second method allows AIFs to be marketed in a specific Member State in accordance with that Member State’s private placement regime, subject to certain conditions being met. We have now updated our two guides on the AIFMD, which has now been in force for some time. Both guides are now in their seventh iteration. The first guide considers whether the AIFMD marketing passport is working in practice and is a useful tool for managers as it illustrates the significant differences across jurisdictions. It covers 14 EU jurisdictions – Austria, Belgium, Denmark, Finland, France, Germany, Ireland, Italy, Luxembourg, Netherlands, Norway, Portugal, Spain and Sweden. The second guide looks at the requirements non-European AIFMs face when marketing AIFs to professional investors across fourteen EEA Member States, Switzerland and the United Kingdom. Input on both guides has been prepared by Norton Rose Fulbright lawyers in Europe, as well as by correspondent counsel with whom we have close working relationships. Our podcast regarding the updated guides is also available. Should you require a copy of either or both guides please contact Jonathan Herbst or Claire Guilbert.

On 15 October 2024, the European Supervisory Authorities (ESAs) issued an Opinion on the European Commission’s (Commission) rejection of the draft Implementing Technical Standard (ITS) on the register of information under the Digital Operational Resilience Act (DORA). By way of background, the ESAs submitted a draft ITS to the Commission in January 2024; in September 2024 the Commission sent a letter to the ESAs rejecting the proposed draft citing the principle of proportionality with regard to requirements relating to legal identifiers for ICT third-party service providers. The Commission contested the mandatory use of Legal Entity Identifier (LEI) for EU third-party ICT service providers, arguing that the companies should have a choice between the use of the LEI and the European Unique Identifier (EUID). In its Opinion, the ESAs push back on the Commission’s suggestion to provide for an alternative between the use of the LEI and the EUID, arguing that only the former provides for international convergence for the identification of legal entities participating in financial markets and related activities. The ESAs defend their original proposal by mandating the use of the LEI, arguing that they have not found alternatives capable of providing efficiencies to both the industry and supervisors and achieving international convergence in the area of global cyber security and operational resilience. The ESAs took note of the Commission’s arguments but contested that the introduction of the EUID as identifier for the ICT third-party service providers within the registers of information would require previously not planned implementation and maintenance efforts and costs for financial entities. That said, the ESAs suggest clarifying the proposed framework allowing for a use of two identifiers by giving priority to using LEI in the cases where both identifiers are available to the financial entity, with the EUID as an alternative identifier to the LEI for ICT third-party service providers established in the EU. In addition, having taken into the account the feedback received from the register of information “dry run” exercise that was concluded earlier this year, the ESAs also suggest certain minor changes to the draft ITS. The proposed amendments include both technical changes to the register of information templates and the text of the revised draft ITS. The changes to the templates concern the reporting instructions, with the aim of providing additional clarifications. Importantly, the ESAs did not propose any substantive changes to the list of ICT services as included in Annex III of the draft ITS. The ESAs also clarified recital 7 in the draft ITS stating that “the register of information should be maintained and updated by financial entities including where a financial entity outsources all its activities to another entity, as the maintenance of the register of information contributes to the operational resilience of that financial entity. Therefore, where an entity is acting on behalf of a financial entity for all the activities of the financial entity (including the ICT services), the direct ICT third-party service providers to that entity should be recorded in the relevant templates of the register of information of the financial entity. In such case, the entity is only registered as an entity maintain the register”. The Commission is now expected to publish the revised ITS over the coming weeks.

On 15 October 2024, the Committee on Payments and Market Infrastructures (CPMI) issued the following reports which offer insights into enhancing cross-border payments by facilitating the interlinking and interoperability of payment systems: Linking fast payment systems across borders: governance and oversight – final report. This final report informs owners and operators of fast payment systems (FPS) when they are developing the governance and risk management of their FPS interlinking arrangement as well as overseers when they are defining their oversight approach. It discusses the main decisions to be taken by operators in developing the governance approach for FPS interlinking arrangements and sets out recommendations that overseers should consider when developing an oversight approach for the respective component FPS or a separate entity. Promoting the harmonisation of application programming interfaces to enhance cross-border payments – recommendations and toolkit. The report has 10 recommendations divided into four categories: i) recommendations that aim at facilitating the global API harmonisation processes; ii) recommendations that focus on API design principles and the use of existing international data standards; iii) recommendations to enhance the developer experience; and iv) recommendations to promote pre-validation APIs and implementation. Each recommendation has a list of potential actions that constitute practical and concrete implementation measures. The recommendations are also supported by a toolkit to assist stakeholders when assessing their current practices.

On 15 October 2024, HM Treasury (HMT) published a joint statement with the State Secretariat for International Finance following the UK-Switzerland Financial Dialogue. The statement summarises what was discussed at the meeting and the key outcomes. The statement explains that this was the first formal meeting since the negotiations of the Berne Financial Services Agreement (BFSA) concluded in December 2023. The meeting was attended by officials from HMT and the State Secretariat for International Finance, as well as representatives from their respective supervisory authorities including the Bank of England, Financial Conduct Authority, Swiss National Bank, and the Swiss Financial Market Supervisory Authority. The discussions emphasised “close, ongoing UK and Swiss cooperation in financial services” and focused on key themes including: Economic outlook and financial stability: Participants discussed potential measures that could be taken on the international level to enhance stability of the global financial system, including work on liquidity requirements, and on increasing resilience and crisis preparedness for open bank resolution. The BFSA: The UK and Switzerland noted that the ambition is to complete implementation as soon as possible, by the end of 2025 at the latest, and enter the Agreement into force shortly thereafter. Negotiations of a supervisory cooperation Memorandum of Understanding supporting the BFSA are progressing with a view to reach their concluding stages soon. Sustainable finance: Ongoing work and developments in sustainable finance were discussed, and participants reaffirmed their commitment to close cooperation through a future work programme as outlined in the BFSA. The UK and Switzerland explored common strategic priorities and approaches in this area, covering disclosures, transition plans, and transparency, and emphasised the importance of ensuring that the UK and Swiss sustainable finance standards are interoperable. Artificial intelligence (AI) and innovation: Representatives shared insights on their respective approaches to AI and explored both current and future AI use cases within financial services, including challenges to wider adoption in the sector. Capital markets regulation: Authorities provided an update on the state of play towards achieving T+1 settlement, noting the industry-driven efforts and shared ambition for collaboration in the European region, and HMT outlined the UK Government’s ambition to reinvigorate markets to stimulate investment and innovation within the economy. It was agreed that UK and Swiss representatives would reconvene in H2 2025.

On 16 October 2024, the draft Collective Investment Schemes (Temporary Recognition) and Central Counterparties (Transitional Provision) (Amendment) Regulations 2024 (the draft Regulations) were published on legislation.gov.uk, along with a draft explanatory memorandum. The draft Regulations contain provisions to: Support the operationalisation of the Government’s first equivalence decision under the Overseas Funds Regime (OFR). Amend the Central Counterparties (Amendment, etc., and Transitional Provision) (EU Exit) Regulations 2018 (the CCP Regulations). Supporting operationalisation of OFR equivalence The draft Regulations are intended to support the operationalisation of the Government’s equivalence decision regarding the EEA states for the purposes of the OFR. They do this by extending the temporary marketing permissions regime (TMPR) for a further year, to allow sufficient time for funds in scope of the Government’s equivalence decision to transition to the more permanent marketing arrangements provided by the OFR and avoid any cliff-edge risks. In addition to this, the draft Regulations also make technical amendments to the TMPR to ensure that sub-funds are able to transition smoothly to the OFR on direction by the Financial Conduct Authority (where they are in scope of the equivalence decision) or alternatively apply for recognition under the section 272 of the Financial Services and Markets Act 2000. There are also other technical changes relating to how the TMPR accounts for different types of sub-funds. Amending the CCP Regulations The draft Regulations amend the CCP Regulations, which established a temporary recognition regime (TRR) in the UK for overseas central counterparties (CCPs) that were recognised by the EU, and therefore had market access to the UK, before the end of the transition period. Under the UK’s current regime, a CCP automatically loses its temporary recognised status if its EU recognition is withdrawn; the draft Regulations will amend the TRR so that this is no longer the case.

On 15 October 2024, the European Supervisory Authorities (ESAs) issued an opinion regarding the European Commission’s (EC) rejection of the draft Implementing Technical Standards (the Draft ITS) for the register of information under the Digital Operational Resilience Act (Regulation (EU) 2022/2554, DORA). DORA requires financial entities to maintain and regularly update a register of information covering all contractual agreements with ICT third-party service providers. This register is crucial for managing third-party ICT risks and will enable the EU competent authorities and ESAs to supervise compliance with DORA and identify critical ICT service providers subject the DORA’s oversight framework. The Draft ITS contains standard templates for this register. The EC rejected the Draft ITS on 3 September 2024 due to concerns over the mandatory use of the Legal Entity Identifier (LEI) for identifying ICT third-party service providers. Among other things, the EC wants to see the ability for entities to use either the LEI or the European Unique Identifier (EUID), arguing that the EUID is already widely used by EU companies. In their response, the ESAs expressed concerns that incorporating the EUID alongside the LEI would add unnecessary complexity, increase implementation costs, and introduce potential data quality issues. The ESAs emphasised that the LEI’s widespread international adoption and robust data validation capabilities make it the more suitable option for financial reporting. As a result, the ESAs favour the exclusive use of the LEI. In the end, the ESAs suggest keeping the LEI as the main identifier but recognise that if the EUID is adopted, additional changes to the Draft ITS would be necessary for a seamless implementation. These changes would involve adding new data fields and prioritising the LEI in cases where both identifiers are present. Finally, financial entities are encouraged to ramp up their implementation efforts to be ready to submit their registers in the first half of 2025. The ESA’s opinion is available via this link.

On 15 October 2024, the Prudential Regulation Authority (PRA) published consultation paper CP13/24 – Remainder of CRR: Restatement of assimilated law, which sets out the PRA’s proposals to restate the relevant provisions in the assimilated Capital Requirements Regulation No 575/2013 (CRR) in the PRA Rulebook and other policy material such as supervisory statements and statements of policy. The PRA also proposes to update the credit ratings mapping tables in some assimilated technical standards and to restate them in the PRA Rulebook. Background The Financial Services and Markets Act 2023 provides for the revocation and restatement of financial services assimilated law in secondary legislation. The PRA has already restated and amended, or consulted on restatements and amendments of, the CRR, as set out in: PS22/21 – Implementation of Basel Standards: Final rules (published in October 2021) PS17/23 – Implementation of the Basel 3.1 standards near-final part 1 (published in December 2023) PS9/24 – Implementation of the Basel 3.1 standards near-final part 2 (published in September 2024) CP8/24 – Definition of Capital: restatement of CRR requirements in PRA Rulebook (published in September 2024) The FCA’s proposals HM Treasury has previously stated its intention to revoke the remainder of assimilated law in the CRR, and CP13/24 sets out how the PRA proposes to restate, and in some cases modify, these CRR requirements in the PRA Rulebook and other policy material. The proposals consist primarily of the restatement of assimilated law into PRA rules and policy materials without modifications, although there are a few instances where the PRA proposes to modify certain areas as part of their restatement. Next steps The deadline for responses to CP13/24 is 15 January 2025. With some exceptions, the PRA proposes that the implementation date for the draft PRA rules set out in CP13/24 would be 1 January 2026. In some areas, the PRA proposes to amend certain CRR requirements consequential to the proposed simplification of requirements for small domestic deposit takers (as consulted on in CP7/24) and those requirements would come into effect on 1 January 2027. For the credit ratings mapping tables set out in Chapter 7 of CP13/24, the proposed implementation date for the insurance-related mapping rule changes would be 1 July 2025, and the implementation date for the banking and securitisation mapping rule changes would be 1 January 2026.