Markets View – July 2022

Welcome to the July edition of Markets View. This month we look at the implications for FMIs of recent guidance from the Bank of England on operational resilience, further developments from ESMA on the EU CCP resolution regime, comments from the FCA on the sufficiency of current MAR surveillance in small and medium firms, and an update from the ECB on their desks mapping review.

FCA outlines deficiencies and expectations in market abuse surveillance

In Market Watch 69, the FCA detailed findings from its ongoing programme of STR/STOR supervisory visits, which it undertakes to survey firms’ suspicious transaction reporting arrangements, systems and procedures. The FCA’s findings largely concern the practices of small and medium firms but should be carefully considered by firms of any size. The FCA has identified best practices and areas of potential improvement across several areas, most notably:

• Risk assessments - Detail and specificity are key. Firms should have a comprehensive and up-to-date risk assessment in place. Although no one methodology will be right for every firm, the most effective assessments consider a range of market abuse types and how these differ across asset types and classes. Firms should endeavour to consider and examine risk separately in each of their business activities, as factors like execution method and trading platform can vary the type and level of risk present.
• Order and trade surveillance - In the same vein, firms should consider tailoring surveillance alert thresholds by asset class and type, which can help reduce false positives, and expanding look back periods and the types of trades examined: the inclusion of cancelled and amended trades in surveillance is critical. In analysing alerts, firms should also look beyond scenarios in which there is an obvious link between a client and the inside information holder, as while this can be a key factor in determining reasonable suspicion of abuse, its absence alone does not justify closing alerts.
• Internal policy and procedures - Firms should ensure that MAR policy and monitoring guidance is clear, detailed, and consistent. Where firms instruct analysts to simply look for signs of market abuse in surveillance alerts, with no additional detail on what these signs might look like or where they might be identified, this can lead to a failure to escalate alerts appropriately.
• Outsourcing and the front office - Where compliance is outsourced, firms must ensure they maintain adequate oversight of the surveillance undertaken. The FCA particularly noted instances of firms having a negligible understanding of surveillance performed by UK compliance teams and only discovering that it was inadequate after FCA enquiries. Where front office staff perform compliance roles, firms should ensure that potential conflicts of interest have been considered and that appropriate support from senior management and training on surveillance have been provided.

Although implementing the FCA’s suggestions may present additional costs and time investment for firms, firms should consider reviewing their own MAR policies and procedures in light of this guidance, as this is likely to be an area of increased enforcement action for the FCA moving forwards.

BoE guidance for FMIs on the next phase of the operational resilience regime

By March 2025, in line with the supervisory statements published by the Bank of England (BoE) in March 2021, FMIs must ensure and provide assurance that they are resilient to disruption to their important business services (IBS). This includes setting impact tolerances for services, which if disrupted, could risk their safety and soundness or, in certain cases, the financial stability of the UK. Duncan Mackinnon, Executive Director at the BoE, provided clarification on the BoE’s expectations of FMIs on meeting these requirements in a recent speech. He emphasised that firms should focus on:

• Board and senior management engagement - Many firms still have a long way to go on setting impact tolerances and they must ensure they can demonstrate these tolerances are appropriate. Boards and senior management must engage closely with this process and ensure that it is completed in good time.
• Scenario testing - By now, FMIs should have identified IBS, set impact tolerances, and mapped and commenced a scenario testing programme. Testing should evolve so that by end-March 2025, firms can assure their boards they can deliver IBS within impact tolerances through severe but plausible scenarios. For high-impact IBS within systemic firms, desktop testing will not be sufficient.
• Addressing vulnerability and building resilience - Where firms cannot remain within tolerances, the BoE expects that they will need to invest. For example, firms may need to build substitutability into service delivery or replace legacy systems.

Focusing on outsourcing and third-party risk management, and complementing the 2021 supervisory statements, the BoE has published consultation papers, including for CCPs and CSDs, with proposed recommendations on these aspects of operational resilience. While not themselves binding, the final supervisory statements will provide CCPs and CSDs with guidance on how the Bank intends to assess compliance with the existing regulatory framework. Firms should take especial note of the following proposals:

• Governance and record keeping - Firms’ boards should agree and document risk management frameworks that include clear policies on risk tolerance, assignment of responsibility and accountability for risk decisions, and address crisis decision-making. This should be accompanied by oversight from a second-line review function and assessment by a third-line internal audit function.
• Pre-outsourcing assessments - Firms must assess the criticality of every outsourcing and third-party arrangement and periodically assess and take reasonable steps to manage overall reliance on third parties, with particular concern given to concentration risks and vendor lock-in.
• Outsourcing agreements - A formalised contractual agreement must be in place for all outsourcing arrangements, irrespective of criticality, and including intragroup arrangements. Critical outsourcing agreements additionally must include a specified set of minimum requirements covering issues such as performance monitoring, agreed service levels and data security.

ESMA publishes final RTS and guidelines clarifying EU CCP resolution regime to shore up market preparedness

ESMA has published six final reports on the CCP Recovery and Resolution Regulation (CCPRRR), comprising proposed RTS and guidelines clarifying the details of the CCPRRR aimed at helping resolution authorities (RAs) develop effective CCP resolution plans. CCPs and the users of their services, though, should also review the reports and consider their implications, for instance, where they create rights and obligations, refer to their policies and procedures, or relate to sensitive issues such as employee remuneration. Firms should consider in particular requirements relating to:

• Safeguarding clients and indirect clients - Where contractual arrangements allow clearing members to pass on the negative consequences of resolution tools to their clients (both direct and indirect), such provisions must also include a client’s right to receive recompense or compensation equivalent and proportionate to what the clearing member receives. The RTS regulates the minimum requirements that clearing service providers must apply when agreeing to such compensation rights.
• Determination of “failing” or “likely to fail” - The guidelines specify that, when determining if a CCP is failing or likely to fail, the factors RAs should consider include the viability of the CCP’s recovery tools, its available pre-funded and committed financial resources, liquid resources and liquidity arrangements, and its operational capacity. ESMA emphasises, though, that the determination is ultimately one of expert judgment rather than an automatic consequence of any objective criteria.
• Impact of assessment on employees - A CCP’s resolution plan should include a description of how to mitigate loss of material employees before resolution and how to create effective incentives to maintain material employees during resolution on the basis of their value and relevance. In preparing this description, CCPs should consider the effectiveness of incentive structures, the costs of retention and recruitment, and any regulatory procedures to be followed in resolution.
• Provision of information to RAs - Resolution plans must contain details of arrangements between the CCP and the relevant RA that ensure the RA has access to key information, how the CCP will maintain information systems and controls that can promptly produce and make available relevant information, and the rules, key methodologies and assumptions used in the preparation of any financial information provided to the RA for valuation purposes.

ESMA has submitted the final reports to the EU Commission, which has until August to decide whether to endorse the proposed standards. In the meantime, ESMA has also published four consultation papers on further proposed guidelines for the regime aimed at ensuring supervisory convergence across the EU. ESMA will consider the feedback it receives to this consultation with a view to publishing this further set of final reports by Q4 2022.

ECB desks mapping review – integrating Brexit banks into European banking supervision

The European Central Bank (ECB) commenced its desks mapping review in 2020, analysing the booking and risk management policies of third-country banks’ trading desks to ensure European subsidiaries are not operating as “empty shells”. Andrea Enria (Chair of the ECB Supervisory Board) provided an update on the review that makes for uncomfortable reading for Brexit banks The ECB’s findings suggest that many UK banks have not made adequate post-Brexit investments into their euro area subsidiaries.

The ECB previously outlined a requirement for banks to retain the control and balance sheet risk of their euro area entities locally along with an expectation that banks maintain local risk management, governance, IT and reporting infrastructure, as well as adequate local liquidity and capital. Against these expectations, the ECB has found that the vast majority of incoming banks do not have full control over their own balance sheets, with a particular focus put on the fact that 70% of the 264 trading desks examined operate a “back-to-back” booking model and a further 20% operate as “split desks”.

In response to these findings, the ECB has determined that a full 21% of the surveyed trading desks warrant individual binding decisions, as determined by an examination of a range of risk indicators, including total capital market risk-weighted exposure amount, total net trading income, traded notional amount and ticket count. These individual binding decisions, designed to push banks to entrench some autonomy for euro area trading desks, may include requirements to:

• appoint a head of desk based within the euro area entity, with clearly defined reporting lines and a compensation structured tied to the performance of the euro area entity, shifting more management and decision-making to Europe (and, subsequently, permitting greater ECB scrutiny);
• ensure the desk has adequate infrastructure and traders (particularly senior traders) to manage risk locally, increasing local oversight;
• establish a solid governance and internal control framework of remote booking practices with parent affiliates, guiding banks away from the “back-to-back” model; and
• reduce reliance on intragroup hedging.

The ECB will continue to supervise incoming banks’ post-Brexit operating models, including credit-risk shifting techniques, reliance on parents entities and internal models. While all UK banks operating EU hubs should continue to engage with the ECB on ensuring these hubs’ infrastructure and risk management policies and procedures are appropriately robust, the approach revealed by this update suggests banks with “back-to-back” booking models in particular should consider revisiting their approach, as this appears to be a particular concern for the ECB.