The obligation to secure your opponent's data in the age of hacking
Hacking, corporate espionage and data breaches are on the rise around the globe.
It is less than a year to go before the UK leaves the EU on 29 March 2019. Despite this many financial services firms continue their journey into the unknown with little concrete information being made available by the UK Government. In this latest financial services Brexit briefing we take a look at some of the key developments in recent months.
On 19 March 2018, the European Commission and the UK Government published a revised version of the draft Article 50 Withdrawal Agreement. In particular, the relevant articles dealing with the arrangements for a transition period (also known as an implementation period) were highlighted in green indicating political agreement. If the Withdrawal Agreement is formally agreed the transition period will start on Brexit (29 March 2019) and last until 31 December 2020. During this period the UK will continue to participate in the Single Market and Customs Union. EU law will also apply to the UK during this period as will EU supervisory and enforcement mechanisms including the Court of Justice of the EU. Article 124 of the Withdrawal Agreement provides that the UK “may negotiate, sign and ratify international agreements entered into in its own capacity in areas of exclusive EU competence during the transition period” provided those agreements do not enter into force or apply during the transition period unless authorised by the EU.
When the updated draft Withdrawal Agreement was announced in March the Commission and the UK took different lines. The UK’s Secretary of State for Exiting the EU, David Davis MP, stated that a “decisive step” had been taken and that “businesses need not delay investment decisions, or rush through contingency plans based on guesses about the future deal”. In contrast the Commission’s chief Brexit negotiator, Michel Barnier, acknowledged that a decisive step had been taken but warned that “nothing is agreed until everything is agreed”.
This differing perspective has also been reflected in the positions taken by the European Central Bank (ECB) and the FCA/PRA. The ECB has maintained for some time now that despite the political progress made on the draft Withdrawal Agreement any bank that wishes to relocate from the UK to the euro area should submit its licence application by the end of Q2 2018 at the latest. In contrast the FCA and PRA have stated that firms may plan on the assumption that UK authorisation or recognition will only be needed by the end of the transition period. Obviously the ECB’s position is based on Michel Barnier’s view that nothing is agreed until everything is agreed and that the prudent course of action is based on the worst case scenario where the Withdrawal Agreement is not finalised. The more liberal approach taken by the FCA/PRA is based on the UK Government’s commitment in the event of a no deal scenario to bring forward legislation to create a temporary permissions regime.
Obviously the more liberal stance of the FCA/PRA is useful to EEA firms’ passporting into the UK but it is of little use to UK based firms which are subject to the ECB deadline when looking to conduct business in the EU27. A number of trade bodies have been calling for the ECB to align its position with that of the FCA/PRA but so far this has not happened. More recently the European Banking Authority published an opinion on 25 June 2018 stating that given the lack of certainty over the Withdrawal Agreement, financial institutions needed to start taking mitigating action.
There is currently not much information out there as regards the temporary permissions regime. Previously the UK Government has said that it is committed to bringing forward legislation, if necessary, to create a temporary permissions regime to allow firms to continue their activities in the UK for a limited period after Brexit. In the event of a no deal scenario this provides a back-stop to firms conducting business in the UK.
However, so far we have not seen any detail on this regime from the FCA/PRA nor has HM Treasury published a draft statutory instrument. For example, when the FCA took over the regulation of consumer credit from the Office of Fair Trading it introduced a time limited interim permissions regime. More recently, the FCA has issued a consultation paper regarding its role as the UK’s new claims management regulator and has proposed a 15 month temporary permissions regime for claims management companies. HM Treasury has also issued a consultation on the new UK regulatory regime for claims management but, perhaps interestingly, has so far not published the draft statutory instrument for the temporary permissions regime.
On 13 June 2018, HM Treasury published a letter that it had sent to the chair of the House of Commons’ European Scrutiny Committee, Sir William Cash MP. In the letter HM Treasury discussed the position as regards UK representation in the European Supervisory Authorities (ESAs) during the transition period.
HM Treasury stated that the text agreed with the Commission in March would allow the UK to participate in the ESAs during the implementation period. However, such attendance would only be on invitation and provided that:
The UK would also not have any voting rights in these meetings.
The UK has a unique starting point in that its regulatory regime is fully aligned with the EU. The UK Government has repeatedly called for EU/UK market access to be on the basis of mutual recognition and reciprocal equivalence which would be objectively assessed. However, both the Commission and the Council of the EU have rebuffed this approach, arguing that the current equivalent regime is the only option.
On 4 April 2018, there was an interesting development in the so called equivalence debate. The European Parliament’s Economic and Monetary Affairs Committee published a draft report on relationships between the EU and third countries concerning financial services regulation and supervision. The draft report contained a motion for a European Parliament resolution which amongst other things argued that the EU’s process for granting equivalence lacked certainty and sufficient transparency. It also called for the European Parliament to scrutinise equivalence decisions in the area of financial services including that the institution should be consulted before any equivalence decision is withdrawn. The draft report will be reviewed in further committee meetings. It is expected to be voted on by all MEPs in September 2018.
The Commission’s equivalence regime has a number of drawbacks which have been reported on extensively. However, it’s too early to say whether the Commission is ready to change the regime but the European Parliament’s activity is a welcome development.
The key legislation regulating access to the Single Market for financial services, MiFID II and AIFMD, contain provisions that recognise reverse solicitation. In the context of MiFID II, this means that where a client requests services on their own exclusive initiative, there is no requirement for the third-country provider to set up a branch (in the case of a retail or elective professional client) or register or be authorised by the European Securities and Markets Authority (ESMA) (in the case of professional clients or an eligible counterparty). AIFMD allows a professional investor established in the EU to invest in alternative investment funds (AIFs) on their own initiative, irrespective of where the alternative investment manager and/or the AIF is established.
The lack of guidelines from the ESMA or the Commission creates some uncertainty as regards the usefulness of reverse solicitation but reliance on this exception has been recognised by EU competent authorities but regulatory scrutiny can be high. In addition, using reverse solicitation wrongly can have severe repercussions which may include criminal and regulatory sanctions and the risk that investors / clients may seek to rescind their contract on the basis of breach of law/regulation.
Last year the ESMA published four opinions on Brexit, one general opinion and three sector specific opinions that included one on investment management. This latter opinion caused some concern in the asset management industry in the sense that the underlying message was that ESMA seemed to be requiring EU27 regulators to be tough on proposed relocations and, in particular, any proposals to delegate functions back to the UK.
Before Christmas ESMA’s chair, Steven Maijoor, sought to reassure the industry by giving a speech in which he confirmed that the opinion is in line with the requirements of the AIFMD and the UCITS Directive and, importantly, does not call into question the delegation model but rather guide EU27 regulators into making consistent decisions on delegation structures.
Arguably the rules on delegation have not become stricter as the ESMA opinions cannot change the law, but the policing of how the rules are applied seems to have increased.
The European Union (Withdrawal) Bill (EUWB) has now received Royal Assent, becoming an Act of Parliament. The Bill was the subject of lively debates particularly during the Parliamentary ping pong procedure where MPs voted by 319 to 303 to reject a House of Lords amendment that would have ensured the Commons would have the chance to block a “no deal” Brexit. Before this vote there were dramatic scenes as MPs were told that an official ministerial statement would be issued making it clear it is ultimately for the Speaker John Bercow to decide whether they get a “meaningful vote” on a no-deal withdrawal from the EU. The concession was accepted by leading pro-EU Conservative Dominic Grieve.
On 18 April 2018, HM Treasury published a draft of the Financial Regulators’ Powers (Technical Standards) (Amendment etc) (EU Exit) Regulations 2018 together with a covering note.
The draft Regulations shed some further light on how the UK will incorporate EU financial services legislation into UK law post Brexit. Key points include:
On 5 June 2018, the House of Commons’ library published a briefing paper describing how Parliament will approve statutory instruments made under the EUWB. The briefing paper also noted that the UK Government estimates that Brexit will require between 800 to 1,000 statutory instruments.
On 30 May 2018, the European Payments Council (EPC) issued a position paper on Brexit and UK payment services providers’ (PSPs) participation in the Single Euro Payment Area (SEPA) schemes.
The paper noted that if the draft Withdrawal Agreement was finalised the UK would automatically remain within the geographical scope of SEPA during the transition period.
Following Brexit (after an agreed transition period) the EPC noted the following scenarios:
Before concluding the draft Withdrawal Agreement the Council will need to obtain the European Parliament’s consent. The Council will decide to conclude the Withdrawal Agreement with a ‘super qualified majority’ without the participation of the UK. The qualified majority is defined in this case as at least 72 per cent of the members of the Council, comprising at least 65 per cent of the population of the Member State (without the UK). The Withdrawal Agreement does not require ratification by remaining Member States (although the future free trade agreement will).
The European Parliament has been particularly active in the area of citizens’ rights. The European Parliament’s Brexit political leadership also endorsed in March 2018 a draft resolution for an association agreement between the EU and the UK, which it feels is the most appropriate framework for the future relationship.
On 8 June 2018, the House of Lords’ European Union Committee published a report, UK-EU relations after Brexit, which identifies the high-level benefits that could derive from a new UK-EU relationship and the associated compromises. The report argued that the UK and EU have approached the Brexit negotiations with too great a focus on ‘red lines’, increasing the risk that they will be left without an agreement on the future relationship. It called on both sides to focus on identifying benefits, and areas of mutual interest, and to acknowledge that compromises will be needed.
As part of the report, the Committee published a colour-coded table showing the extent of agreement between the UK and the EU across all policy areas. In terms of financial services the Committee coloured the section red indicating clear disagreements, either on outcomes or means.
The Government’s long awaited White Paper on the future UK / EU relationship has still not yet materialised although on 4 June 2018 the UK Prime Minister’s Office said that it would be published shortly.
It had been expected that at the EU Council summit on 18/19 October 2018 there would be a broad political declaration concerning the future relationship. There has been debate as to how granular the declaration should be and some in the market believe that the declaration may not be finalised until the December 2018 Council summit.
Hacking, corporate espionage and data breaches are on the rise around the globe.
Implications for cryptocurrency trading, smart contracts and AI
Decree No. 228 of 2019 (Decree 228/2019) came into effect on 27 August 2019, which simplifies and revokes previous decrees of the Ministry of Employment (MoE) to widen the type of job titles allowed for foreign professionals to work in Indonesia.