MiFID II GAP ANALYSIS TOOLKIT

Transcription

1 Version 2 8 August 2017 Robert Quinn Consulting Ltd. 42 Wigmore Street London W1U 2RY United Kingdom Tel: +44 (0)

2 DOCUMENT CONTROL LOG Version Number Reason for Update Date of Release 1 Initial publication of document June Update following publication of the second FCA Consultation Paper PS 17/14 August

3 Gap Analysis Contents Theme Section Number Requirement Page Introductory Information 1. Organisational Infrastructure 2. Conflicts & Records 3. Client Matters 4. Transaction Requirements Introduction... iii MiFID II UK Buy Side Application Table... iv MiFID II UK Buy Side Overview *... v Abbreviations... vi 1.1 Compliance Function Audit Function Risk Management Senior Management Outsourcing Complaints Handling Conflicts of Interest Remuneration Record keeping Transaction Records Telephone Recording and Electronic Records Client Categorisation Client Agreements Client Information Client Reporting Suitability Appropriateness Best Execution Transaction Reporting Trading Obligations Post-Trade Disclosure Commodity Derivatives Page i

4 Theme Section Number Requirement Page 5. Additional Requirements 5.1 Inducements Research Investment Advice Product Governance Knowledge and Competence Algorithmic Trading Annex Annex I Page ii

5 Introduction The second Markets in Financial Instruments Directive and the Markets in Financial Instruments Regulation (collectively MiFID II ) enhance MiFID I, the current EU regulatory regime governing the conduct and operations of several types of financial services participants. Certain aspects of the new regime may affect organisations that are not currently regulated under MiFID I, including AIFMs. The recast regime is designed to address recent technological developments and failings in the regulatory regime identified following the financial crisis. Relevant firms must be compliant with the new regime by 3 January In advance of this (no later than 3 July 2017) EU Member States should have national frameworks in place to give firms time to digest the rules and undertake the necessary steps to achieve compliance by 3 January The UK Financial Conduct Authority met this requirement by publishing a Policy Statement detailing the required changes to the FCA Handbook on 3 July Certain aspects of the new regime remain largely unchanged from MiFID I such as the general conduct principles and authorisation requirements. Other areas are subject to a number of limited refinements. Some areas, however, are extended significantly, including the rules governing best execution, inducements and research, telephone recording, and transaction reporting. Finally, the new regime introduces several entirely new requirements such as rules on product governance and algorithmic trading. The MiFID II regime will impact several aspects of investment firm s operations including governance arrangements, compliance function, front office systems and IT operations. Firms need to plan for these regulatory changes in advance of 3 January 2018 in order to appropriately manage implementation and prepare for other aspects of the regime with a longer lead time. The FCA has confirmed that UK firms still need to comply with all existing and new EU regulatory obligations, including MiFID II, notwithstanding the UK s decision to leave the European Union. This document has been designed to assist firms with their MiFID II implementation project. We have also created a number of Topic Guides that provide additional information with respect to key aspects of MiFID II. How to use this document The UK Buy Side Application Table is designed to enable firms to quickly identify which areas of the MiFID II regime will apply to their firm type. The UK Buy Side Overview is designed to provide a high-level illustration of the areas covered by MiFID II and how significant the impact is in those areas. The Gap Analysis is a tool that firms can use to perform an impact assessment and gap analysis, allowing them to identify gaps in their existing arrangements and formulate a plan to implement change ahead of 3 January Page iii

6 MiFID II UK Buy Side Application Table GAP Analysis Section Requirement MiFID Manager AIFM - CPMI AIFM - CPM Small Authorised AIFM 1.1 Compliance Function Yes Yes Yes Yes 1.2 Audit Function Yes Yes Yes Yes 1.3 Risk Management Yes Yes Yes Yes 1.4 Senior Management Yes Yes Yes Yes 1.5 Outsourcing Yes Yes Yes Yes 2.1 Complaints Handling Yes Applies to MiFID business No Applies to MiFID business 2.2 Conflicts of Interest Yes Applies to MiFID business No Applies to MiFID business 2.3 Remuneration Yes No No No 2.4 Record Keeping Yes Applies to MiFID business No Applies to MiFID business 2.5 Transaction Records Yes Applies to MiFID business No applies to MiFID business 2.6 Telephone Recording Yes Yes Yes Yes 3.1 Client Categorisation Yes Yes Yes Yes 3.2 Client Agreements Yes No No Yes 3.3 Client Information Yes Applies to MiFID business No Applies to MiFID business 3.4 Client Reporting Yes Applies to MiFID business No Applies to MiFID business 3.5 Suitability Yes Applies to MiFID business No Applies to MiFID business 3.6 Appropriateness Yes Applies to MiFID business No Applies to MiFID business 4.1 Best Execution Yes Applies to MiFID business No Applies to MiFID business 4.2 Transaction Reporting Yes No No Applies to MiFID business 4.3 Trading Obligations Shares Yes No No Applies to MiFID business 4.3 Trading Obligations Derivatives Yes Yes Yes Yes 4.4 Post-Trade Disclosure Yes No No Applies to MiFID business 4.5 Commodity Derivatives Yes Yes Yes Yes 5.1 Inducements Yes Yes Yes Yes 5.2 Research Yes Yes Yes Yes 5.3 Product Governance* Yes Yes Yes Yes 5.4 Algorithmic Trading Yes Applies to MiFID business No Applies to MiFID business *Applies as rules to MiFID business and as guidance when managing an AIF or a UCITS fund. Page iv

7 MiFID II UK Buy Side Overview * Organisational Infrastructure Compliance Function (S) Audit Function (S) Risk Management (S) Senior Management (S) Outsourcing (S) Conflicts and Records Complaints Handling (Sig) Conflicts of Interest (S) Remuneration (S) Record Keeping (Sig) Transaction Records (Sig) Telephone Recording (Sig) Client Matters Client Categorisation (S) Client Agreements (S) Client Information (Sig) Client Reporting (Sig) Suitability (S) Appropriateness (S) Transaction Requirements Best Execution (Sig) Transaction Reporting (Sig) Trading Obligations (Sig) Post-Trade Disclosure (Sig) Commodity Derivatives (New) Additional Requirements Inducements (Sig) Research (Sig) Product Governance (New) Algorithmic Trading (New ) *Not all topics will apply to all types of firms. Please refer to the Application Table in order to understand which areas will be applicable to your firm. Key: S: Small Changes Sig: Significant Changes New: New Requirements Page v

8 Abbreviations AIFM ARM L2D LEI CPM CPMI DMA Durable Medium ECP ESMA Complex Products Alternative Investment Fund Manager Approved Reporting Mechanism Commission Delegated Directive of 7 April 2016 supplementing MiFID II with regard to safeguarding of financial instruments and funds belonging to clients, product governance obligations and the rules applicable to the provision or reception of fees, commissions or any monetary or non-monetary benefits (C(2016) 2031 final) Legal Entity Identifier Collective Portfolio Management Firm Collective Portfolio Management Investment Firm Direct Market Access For full details of what constitutes durable medium please see Eligible Counterparty ESMA/2015/1787 ESMA Guidelines on complex debt instruments and structured deposits of 4 February 2016 ESMA Cross Selling ESMA/2015/1861 ESMA Final Report Guidelines on cross-selling practices of 22 December 2015 ESMA Final Report 3 ESMA/2016/1451 ESMA Final Report Guidelines on transaction reporting, order record keeping and clock synchronisation under MiFID II of 10 October 2016 ESMA K&C ESMA EN (rev) ESMA Guidelines for the assessment of knowledge and competence of 3 January 2017 ESMA PG ESMA/2016/1436 ESMA Final Report Guidelines on MiFID II product governance requirements of 2 June 2017 ETC ITS KID KIID MiFID I MiFID II MiFIR Exchange Traded Commodities Implementing Technical Standards Key Information Documents (relates to retail business) Key Investor Information Documents (relates to retail business) Directive 2004/39/EC of the European Parliament and of the Council of 21 April 2004 on markets in financial instruments Directive 2014/65/EU of the European Parliament and of the Council of 15 May 2014 on markets in financial instruments and amending Directive 2002/92/EC and Directive 2011/61/EU Regulation (EU) No 600/2014 of the European Parliament and of the Council of 15 May 2014 on markets in financial instruments and amending Regulation (EU) No 648/2012 Page vi

9 Abbreviations MOR MTF OTC OTF PRIIP RTS SFT SYSC UCITS Also known as the MiFID II Delegated Regulation. The Commission Delegated Regulation of 25 April 2016 supplementing MiFID II as regards organisational requirements and operating conditions for investment firms and defined terms for the purposes of that Directive (C(2016) 2398 final) Multilateral Trading Facility Over-the-counter Organised Trading Facility Packaged retail and insurance-based investment products Regulatory Technical Standards Securities Financing Transaction Senior Management Arrangements, Systems and Controls chapter of the FCA Handbook Undertakings for collective investment in transferable securities, established in accordance with the UCITS Directive Page vii

10 1. ORGANISATIONAL INFRASTRUCTURE Gap Analysis 1. ORGANISATIONAL INFRASTRUCTURE 1.1 COMPLIANCE FUNCTION If firms are in compliance with current SYSC requirements then they are already broadly meeting the MiFID II Compliance Function requirements. However, they must ensure that oversight of new Complaints Handling requirements (see 2.1) and Knowledge and Competence requirements are carried out by the Compliance Function (the Function for the purposes of this section). Do compliance personnel undertake any of the activities they monitor? If the nature, scale and complexity of the firm renders such separation of arrangements disproportionate, does the firm undertake a regular assessment to determine whether the Function is compromised? Does the Function execute a risk-based monitoring programme of all areas of the business, factoring in complaints and complaints handling? Following this analysis, does the function establish priorities for ongoing monitoring? Does the Function monitor the complaints-handling process and oversee and report to management remediation measures undertaken? Does the Function use complaints as a source of information in the context of its wider monitoring responsibilities? Does the Function review compliance with the Firm s policies and procedures related to employee s knowledge and competence? MiFID II Art 16(2) MOR Art 22(1), 22(2), 22(3), 22(4) MiFID II Art 16(2) MOR Art 22(1), 22(2) MiFID II Art 16(2) MOR Art 22(2)(d) MiFID II Art 25(1) ESMA K&C Page 1

11 1. ORGANISATIONAL INFRASTRUCTURE 1.2 AUDIT FUNCTION If firms are in compliance with current SYSC requirements then they are already meeting the MiFID II Audit requirements. Is there an internal independent audit function? If it is not appropriate and proportionate to have a separate function can you nevertheless satisfy regulatory requirements for regular independent audits of the firm s systems, controls and arrangements? (If an audit function is not proportionate, proceed to 1.3: Risk Management). Does the audit function maintain an audit plan to examine and evaluate the adequacy and effectiveness of the firm's systems, controls and arrangements? Does the audit function issue recommendations and verify compliance with those recommendations? Does the audit function have access to management and report its findings to them? MiFID II Art 16(5) MOR Art 24 MiFID II Art 16(5) MOR Art 24 MiFID II Art 16(5) MOR Art 24 MiFID II Art 16(5) MOR Art 24, 25 Page 2

12 1. ORGANISATIONAL INFRASTRUCTURE 1.3 RISK MANAGEMENT If firms are in compliance with current SYSC requirements then they are already meeting the MiFID II Risk Management requirements. Are there arrangements and processes to manage risks generally and in accordance with set risk tolerance levels? MiFID II Art 16(5) MOR Art 23 Page 3

13 1. ORGANISATIONAL INFRASTRUCTURE 1.4 SENIOR MANAGEMENT Please note that the Senior Managers and Certification Regime will have a large impact on Senior Management and will be extended to all authorised firms in RQC will provide further information to firms as it becomes available. If firms are in compliance with current SYSC requirements then they are already meeting the MiFID II Senior Management requirements. Is senior management (including any supervisory function that oversees senior management) responsible for compliance and ensuring the firm complies with its regulatory obligations? Does senior management (and any supervisory function) periodically review and assess the effectiveness of the policies, procedures and arrangements in place to comply with the firm s regulatory obligations and address any deficiencies? Does senior management (and any supervisory function) at least annually receive written reports from compliance, risk and audit functions indicating, in particular, whether remedial measures of deficiencies have occurred? MiFID II Art 16(2) MOR Art 25 MiFID II Art 16(2) MOR Art 25 MiFID II Art 16(2) MOR Art 25 Page 4

14 1. ORGANISATIONAL INFRASTRUCTURE 1.5 OUTSOURCING If firms are in compliance with current SYSC requirements then they are already broadly meeting the MiFID II Outsourcing requirements. MiFID II creates some additional obligations that may require firms that do outsource critical functions to review their internal systems and controls framework and their contractual, and working, relationships with third-party service providers. If the firm has assessed that it does outsource functions that are considered to be critical or important, has the firm reviewed the updated requirements for outsourcing, so that these can be applied to the outsourcing arrangements with third parties? This includes a requirement for any firm providing outsourced portfolio management services outside of the EEA to be authorised or registered in its home country and for an appropriate cooperation agreement between the national regulators to be in place. Where firms have outsourced arrangements, they must ensure that the firm to which the activity is outsourced maintains a record of personal transactions entered into by any relevant person and provides that information to the firm promptly on request. MOR Art 31(2), 31(3), 32 MOR Art 29(5)(c) Page 5

15 2. CONFLICTS AND RECORDS 2. CONFLICTS AND RECORDS 2.1 COMPLAINTS HANDLING Historically onerous complaints obligations have only applied to FCA regulated firms that have Eligible Complainants - persons that have a right of redress to the Financial Ombudsman Service - retail clients, broadly speaking. MiFID II extends these requirements to professional clients and eligible counterparties (in relation to eligible counterparty business). Practically, this means firms should enhance their complaints policy and procedures. References to clients in this section also includes potential clients. Has the firm reviewed its current complaints handling framework to ensure it includes: Policies and procedures for the prompt impartial handling (without undue delay) of client complaints; Records of complaints received and how each complaint is resolved; Endorsement of the complaints policy by the management body; Provision of written complaints handling procedures to clients upon request or when acknowledging a complaint; Establishment of a complaints management function (which can be part of the compliance function); Reporting on complaints handling to the FCA and the Financial Ombudsman Service when required; Analysis by the Compliance function of complaints and complaints handling data in order to identify and address any risks and issues. MiFID II Art 16(2) MOR Art 26 Page 6

16 2. CONFLICTS AND RECORDS 2.2 CONFLICTS OF INTEREST MiFID II requires firms to take all appropriate rather than merely reasonable steps to prevent or manage conflicts, with emphasis on prevention. Disclosure may only be used as a last resort and over-reliance on disclosure is not permitted. Updating of existing Conflicts of Interest policies and procedures will be required. Do you pay or are you paid a fee, commission, or nonmonetary benefit for services to or from anyone except the client? If payments/benefits are necessary for the provision of services (such as custody costs, settlement and exchange fees, regulatory levies or legal fees) they are excluded from the rules. If not, does the benefit enhance the quality of service to the client? (Also see 5.1 Inducements). If not, and the firm cannot demonstrate that the arrangement does not impair its obligation to act honestly, fairly, professionally and in the client s best interests then it will be deemed a prima facie breach of the conflict requirement and will need to be managed. The existence, nature and value/amount of the benefit must be clearly disclosed to the client, before the service is provided and where applicable, the firm must inform the client of mechanisms for transferring the benefit to them. Does your policy confirm that disclosure is a measure of last resort that can only be used where conflict arrangements are not sufficient to ensure, with reasonable confidence, that risks to client interests can be prevented? Do you at least annually assess the conflicts policy and take measures to address any deficiencies? Does senior management receive at least annually a written report on conflicts that have arisen and measures taken to mitigate those conflicts? MiFID II Art 24(9) MOR Art 34 MOR Art 35 MOR Art 35 Page 7

17 2. CONFLICTS AND RECORDS Updated employee training on the new rules should be implemented. MiFID II Art 16(3), 23 Page 8

18 2. CONFLICTS AND RECORDS 2.3 REMUNERATION Broadly speaking, the changes should not impact upon a firm that is already subject to an existing FCA Remuneration Code. However, the firm s policies, procedures and practices should be reviewed with regard to the below. Has the firm reviewed its current remuneration policy to ensure that it meets the new requirements with respect to (i) the individuals captured by the policy, (ii) ensuring a balance between qualitative and quantitative criteria when determining remuneration and (iii) achieving an appropriate balance between fixed and variable remuneration in order to avoid conflicts of interest? Does the firm s compliance function advise the management body on the approval of the remuneration policy? Is senior management responsible for the day-to-day implementation of the remuneration policy and monitoring of compliance risks related to the policy? MiFID II Art 16, 23, 24 MOR Art 27 MOR Art 27 MOR Art 27 Page 9

19 2. CONFLICTS AND RECORDS 2.4 RECORD KEEPING MiFID II enhances record keeping requirements to include information about, and given to, clients (see Section 3 for details). Some records must be kept for 5 years and others for sufficient time in order to facilitate a regulator in the execution of its supervisory and enforcement duties. Organisational Information Do you keep records: of all compliance reports sent to management? of all information in relation to conflicts of interest? of risk management reports sent to senior management? of internal audit reports (if applicable) sent to senior management? in relation to complaints handling? of staff personal transactions? in relation to inducements? Client Information Do you keep records of: IMAs or equivalent between the firm and its clients? all information given to clients, including marketing communications and investment research? all reports provided to clients? all relevant documents and information pursuant to your suitability and appropriateness obligations? information relating to clients financial instruments and funds held by the firm? the use of client instruments by the firm? information about costs and associated charges? information about the firm and its services, financial instruments and safe-guarding of client assets? MiFID II Art 16 MOR Art 72(3) MOR Annex I MiFID II Art 16, 24, 25 MOR Art 54, 72, 73 MOR Annex I Page 10

20 2. CONFLICTS AND RECORDS Has the firm reviewed its record keeping policies and procedures to ensure compliance with MiFID II additional requirements? If your records contain a large amount of data points these must be kept in a format that allows for manipulation by computer software when manual analysis of the data cannot be easily undertaken due to volumes or the nature of the data. MOR Art 72(1) Page 11