Regulatory Update July 2023

In this issue we cover:

UK passes bill recognising cryptocurrency

Draft Voluntary Code for ESG ratings

UK government proposes changes to short selling rules

ISSB release Sustainability Disclosure Standards

Treasury repeals firm-facing requirements in retained EU law

AI and ‘Big Tech’: The FCA’s approach

The FCA Keeps improving

Complaining about your regulator

Cyber security and navigation

 

UK passes bill recognising cryptocurrency

The UK officially passed the Financial Services & Markets Act 2023, recognising cryptocurrency as a regulated financial activity. This Bill initially focused on stablecoins but was expanded to include all cryptocurrencies. It has now been approved by both Houses of Parliament and King Charles.

Key Highlights:

• The Act represents a significant step towards the UK’s integration of digital currencies into its financial system, driving the UK one step closer to making it a global crypto hub.
• While initially focusing on regulating stablecoins, the scope broadened to all cryptocurrencies during parliamentary debates.
• The Act empowers key UK regulatory bodies like the Treasury, the Financial Conduct Authority (FCA), the Bank of England, and the Payments Systems Regulator to enforce rules on the crypto sector.
• It aims to provide a clear regulatory framework for the safe adoption of crypto assets in the UK post-Brexit.
• The Treasury has been consulting on proposed rules for the sector, with specific rules possibly introduced within the next 12 months.
• The Economic Secretary of the Treasury, Andrew Griffith, emphasised that this legislation hands over control of the UK’s financial services rulebook, promising benefits for businesses, consumers, and growth.

Overall, the passage of this Act is a milestone in the UK’s approach to digital finance, positioning the country as a leader in the crypto industry and marking the beginning of a new era for cryptocurrencies in the UK.

Draft Voluntary Code for ESG ratings

On July 5, 2023, a draft voluntary code of conduct for ESG (Environmental, Social, and Governance) ratings and data product providers was released for consultation by the ESG Data and Ratings Code of Conduct Working Group (DRWG). This effort was backed by the International Regulatory Strategy Group (IRSG) and the International Capital Market Association (ICMA), with the consultation period set to conclude on October 5, 2023. The final code is expected to be published at the end of the year.

The draft code presents best practice principles including:

• Good Governance: Ensuring that ESG ratings and data product providers have suitable governance arrangements, emphasising transparency and conflict management.
• Systems and Controls: The creation of written policies and procedures to maintain product quality, consistency, and effective engagement practices.
• Conflicts of Interest: Managing activities that could affect the independence and objectivity of ratings and operations within ESG ratings and data products providers.
• Transparency: Prioritising sufficient public disclosure and transparency, encompassing methodologies and processes, for ESG ratings and data products.

UK government proposes changes to short selling rules

The UK government is proposing changes to short selling rules as part of the “Edinburgh Reforms.” The amendments focus on removing or revising rules related to short positions in sovereign debt securities and credit default swaps, viewing them as unnecessary and potentially detrimental to liquidity in the UK’s sovereign debt markets. The proposals will shift the focus of short selling regulations to equity securities and make changes to the disclosure requirements for net short positions. A public consultation on the proposal has been opened for four weeks, as part of the UK’s efforts to tailor its financial regulations following Brexit.

ISSB release Sustainability Disclosure Standards

On June 26, 2023, the International Sustainability Standards Board (ISSB) released the inaugural IFRS Sustainability Disclosure Standards:

1. IFRS S1, outlining the General Requirements for Disclosure of Sustainability-related Financial Information.
2. IFRS S2, focusing on Climate-related Disclosures.

Both these standards come with accompanying guidance (S1 and S2) that offers suggestions on how a company might meet the disclosure mandates.

The adoption and enforcement of these standards will be determined by individual jurisdictions. In the UK, the government has announced its intention to consult on a framework for the adoption and endorsement of the ISSB’s standards. Concurrently, the FCA has indicated its plan to align its reporting mandates for publicly listed companies with the ISSB’s standards once they receive endorsement for use within the UK.

Treasury repeals firm-facing requirements in retained EU law

The FCA’s goal is to consolidate regulatory requirements currently spread across a variety of sources, including EU regulations and UK legislation, into its Handbook. This will simplify accessibility to relevant provisions.

The current Handbook structure will be maintained, and new sourcebooks will only be created when necessary. Existing Handbook rules may replace retained in EU law (REUL) provisions if they align in scope and effect, and entirely new regulations will be avoided if possible. Higher-level rules like the Consumer Duty may be considered to achieve the same results as detailed REUL requirements, possibly supported by guidance. The goal is also to minimise complexity by using the Handbook’s format and style, aligning standards across sectors, and avoiding retaining the language and structure of REUL.

AI and ‘Big Tech’: The FCA’s approach

The FCA is scrutinising the impact of artificial intelligence (AI) and ‘Big Tech’ companies on the retail financial services sector. A speech and feedback statement were published in July 2023, highlighting the opportunities and risks related to AI and Big Tech’s expansion into finance. The FCA has expressed concerns over Big Tech’s competitive data advantages and is focusing on three new actions: assessing Big Tech’s potential market power, reviewing the supervisory approach to these firms, and working on a pro-competition regime for digital markets. Though no specific regulatory changes have been proposed, the FCA continues to work towards understanding and monitoring the complex interactions between technology and financial services.

The FCA Keeps improving

The FCA and Practitioner Panel 2022/23 survey has revealed firms’ views on the FCA’s performance, identifying areas of both strength and needed improvement. While the majority of firms were positive about the FCA’s past year’s performance, they pointed out concerns regarding cost proportionality, response to innovations, and trust in the FCA and its supervisors. In response, the FCA has planned measures such as a new panel for cost/benefit analysis, streamlined authorisations processing, and enhanced feedback mechanisms. Furthermore, the FCA’s focus on fostering innovation through the Innovation Advisory Group (IAG) and TechSprint events highlights its commitment to evolving with the rapidly changing financial industry.

Complaining about your regulator

The revised complaints scheme, set to apply from 1 November 2023, offers improved transparency and user-friendliness, detailing what complainants can expect. The policy statement details incoming changes and highlights how the regulators value complaints as feedback for improvements and take them seriously. They have removed a previous proposal that capped compensatory payments relating to financial loss at £10,000 and have increased the levels of discretionary payments for non-financial loss, with clarity on eligibility and a review every two years. Though the scheme provides a pathway for compensatory payments if the regulators are at fault, it is expected that payments will continue to be modest. The scheme is not an alternative for consumer redress against firms, as redress may be available through other channels such as the Financial Ombudsman Service or the Financial Services Compensation Scheme.

Cyber security and navigation

Effective governance and oversight in organisations are closely tied to cyber security practices. The cybersecurity breaches survey 2023 explores this, and highlights how companies can protect themselves from this growing threat. Key aspects include:

• Understanding Data: Many boards struggle to interpret cybersecurity data, with only a small percentage of businesses aware of tools like the NCSC Cyber Security Toolkit for Boards. Presenting data in a meaningful way that paints a realistic picture of threats is crucial.
• Presenting Information: CISOs usually lead board presentations, but there can be conflicts if they downplay negatives. Boards need an accurate depiction of current threats and risks to make informed decisions.
• Information Shared: The board needs a detailed overview of risks, including emerging threats and how risks might manifest. This understanding guides the firm’s risk management strategy.
• Supporting Strategy: CISOs must provide accurate information to form the strategy and execute necessary actions. Coordination with other departments is key.
• Cultural Training: Regular, targeted, and accessible training is needed, backed by a culture that encourages open communication. The cyber team must also understand the wider business context, including regulatory aspects.
• Supporting the Board: The cyber team’s support for the board involves educating them on cybersecurity concepts, incentivising accurate representation, refocusing data presentation, enacting wider strategy, and collaborating with other departments.
• Survey Findings: Large businesses tend to have more advanced cyber security governance, with 53% of large businesses having board members holding cyber security responsibilities, compared to 30% of all businesses.

The article emphasises the CISO’s integral role in enhancing governance by working closely with the board, presenting accurate risk pictures, supporting strategic goals, fostering the right culture, and establishing interdepartmental collaboration. The approach involves more than just presenting statistics; it requires an understanding of the real-world impact of cybersecurity threats and risks.