1. Governor Makhlouf's opening remarks at the Central Bank of Ireland's Financial System Conference
On 8 November 2023, Governor of the Central Bank of Ireland ("Central Bank"), Gabriel Makhlouf, gave the opening remarks at the Central Bank's Financial System Conference. The conference aims to bring industry leaders, consumer representatives, policymakers and other stakeholders together to discuss the factors that are shaping the financial system. Mr Makhlouf's speech focused on how the Central Bank had and intends to respond to changes within the financial system.
Mr Makhlouf focused on how the Central Bank will meet the challenge of uncertainty; achieve positive outcomes; make individual accountability work; and transform financial regulation alongside the financial system. He reflected on how the Central
Bank had applied its' 6 principles for effective regulation: forward looking; connected; proportionate; predictable; transparent; and agile in 3 separate contexts –
- innovation and digitalisation;
- Individual Accountability Framework ("IAF") and the Consumer Protection Code ("CPC"); and
- in a European context.
Innovation and digitalisation
Governor Makhlouf launched a consultation paper on innovation engagement which will help the Central Bank to engage with innovators and understand the opportunities and risks to consumers and the economy. In addition, he confirmed that the Central Bank will also be establishing a sandbox to foster innovation in financial services and enable outcomes which are in line with the Central Bank's public policy objectives.
The revised CPC will also reflect changes within the financial system and provide a 'single set of go-to regulations for consumers and firms'. He noted that while digitalisation brings greater choice and access to consumers, it also brings increased
risks which must be adequately addressed. The Central Bank has aimed to do this by keeping the focus on securing consumers' best interests when considering proposed changes to the CPC.
IAF and the CPC
Governor Makhlouf noted that the IAF and the Code were the key priorities for the Central Bank this year, and that they complement each other and operate in tandem. Both are based on 'delivering better outcomes in terms of resilience, governance, and consumer and investor outcomes, while at the same time improving the overall regulatory context for firms.' He also noted that the Central Bank was clear in its engagement with stakeholders that the 'benefits must outweigh the costs' and regulation must be both 'proportionate and applied proportionately'. While ensuring a successfully functioning market is key, commerciality is not the sole focus and firms must integrate consumer protection into their commercial decision making.
Feedback on the IAF consultation was mainly positive but Governor Makhlouf addressed concerns raised over increased compliance burdens, by stating that the Central Bank sought to avoid materially increasing compliance reporting and instead wants to create a good culture of compliance in firms. He stressed that the IAF is not a 'tick-box' exercise and instead will support high quality leadership and enhanced clarity regarding the governance of firms. Governor Makhlouf also noted that a number of decisions were made following the feedback:
- the number of Prescribed Responsibilities has been reviewed and reduced, while still maintaining overall coherence; and
- the application of the Senior Executive Accountability Regime to INEDs and NEDs has been deferred for one year.
International co-operation is vital to ensure that the Central Bank can deliver its mandate. Governor Makhlouf noted that Ireland is a small open economy and must be aware of geo-political tensions, fragmentation and the implications of Open Strategic
Autonomy. He stressed that Ireland must maintain a credible and influential voice at both a European and global level, given its large and globally connected financial sector. The priorities for the Central Bank at an EU level are the introduction
of DORA and MiCA, alongside the review of the Payments Service Directive and the functioning of open banking.
2. Key messages from the Central Bank of Ireland's Financial Systems Conference on its own policy initiatives
On 8 November 2023, the Central Bank of Ireland ("Central Bank") held its now annual conference on financial systems. The event had a full day long agenda with just short of 30 contributors speaking throughout the day on multiple topics. We will provide a more detailed account of the key messages from the conference as a whole on Matheson's Insights page in the coming days but for now, the following is a brief summary of some of the key messages delivered by the Central Bank speakers regarding its own policy initiatives.
Individual Accountability Framework ("IAF")
- it was confirmed that the Central Bank will issue its feedback statement and final guidance in respect of CP153 – Enhanced governance, performance and accountability in financial services next week (exact date was not given);
- the IAF implementation timelines of 31 December 2023 and 1 July 2024 remain, with one exception. The Senior Executive Accountability Regime obligations will not apply to independent non-executive directors and non-executive directors for one year, to enable both the Central Bank and regulated firms to learn from the introduction of the new framework. The Governor explained that "a twelve month learning period should enable firms to better manage the issues some have identified in reconciling the collective responsibility of boards with the new individual accountability regime."; and
- due to feedback received from stakeholders on the number and scope of Prescribed Responsibilities, the Central Bank has reviewed and reduced the number of Prescribed Responsibilities, "while maintaining overall coherence."
Consumer Protection Code ("CPC")
- contrary to previous communications from the Central Bank, the CPC Consultation Paper will now not issue until the new year.
CP 156 - Central Bank approach to innovation engagement in financial services
- the Governor launched a consultation paper titled "CP156 Central Bank approach to innovation engagement in financial services" ("Consultation") which outlines how the Central Bank intends to evolve and deepen its approach to innovation engagement; and
- the Consultation considers possible enhancements to how the Central Bank's Innovation Hub operates and a significant new proposal to establish an Innovation Sandbox Programme ("Sandbox"). The Sandbox will provide firms and new entrants with access to regulatory advice and support, to develop innovations that promote better outcomes for society and the financial system. The Governor indicated that the Sandbox will be open to applications from all sectors of the financial system, have a transparent application process, and the Central Bank will share outcomes of all Sandbox activity with stakeholders on an annual basis.
3. Dear CEO Letter on Thematic review of the Annual Self-Assessment and Validation Process across Firms undertaking Algorithmic Trading activity
On 2 November 2023, the Central Bank of Ireland ("Central Bank") published a Dear CEO Letter ("Letter") on its Thematic review of the Annual Self-Assessment and Validation Process across Firms undertaking Algorithmic Trading activity, as specified under Article 9 of RTS of MiFID II ("Review"). The Letter sets out the Central Bank's findings following its thematic review which assessed how Investment Firms undertaking algorithmic trading have incorporated the requirements set out in Commission Delegated Regulation 2017/589 supplementing MiFID II ("RTS 6"), into their risk management and control frameworks.
The Letter builds on a Dear CEO Letter that was published in May 2021 which found that there had been an overreliance on third party service providers; insufficient formality with respect to key documentation; and a lack of clearly defined roles and responsibilities. Since the industry communication in May 2021, the Central Bank noted that much improvement had been made.
Summary of Key Findings
Areas where there had been significant improvements
This Review focused on the requirements set out in Article 9 of RTS 6 as they apply to self-assessment and validation processes, and all other articles of RTS 6 relating to algorithmic trading activity. The Letter noted that the self-assessment is a key checkpoint for firms to ensure that they have robust governance and risk management frameworks in place, which helps to mitigate risks. The Letter outlined a number of areas where significant improvements had been made:
- formalised processes and controls in respect of the development, testing and monitoring of algorithms that clearly evidence second line oversight of algorithmic trading activity;
- greater ownership at a local entity level evidenced through entity level policies and procedures; and
- a clear distinction of roles and responsibilities between the first and second lines of defence, and between Risk and Compliance.
Areas needing further enhancements
A number of key concerns were also identified in the Review, alongside a number of areas which require further enhancements:
- there were deficient governance frameworks which gave rise to Article 9 self-assessments which lacked sufficient detail to show compliance;
- a lack of formalised arrangements for the continuous training and development of staff;
- failure to maintain sufficient record keeping of material changes and comprehensive procedures in respect of conformance testing;
- procedural documentation was insufficient regarding the assessment and escalation of market surveillance alerts; and
- there was a lack of adequate business continuity arrangements in place with clearly outlined procedures and associated training arrangements.
The Letter recommends that firms take the following actions:
- consider the findings and adopt remedial actions to improve governance and risk management frameworks;
- ensure that adequate control and oversight arrangements are in place regarding the annual self-assessment process and RTS 6 requirements;
- ensure that there is sufficient detail in the Article 9 self-assessment; and
- assess existing training and development programmes to ensure that an adequate training period is provided to ensure continuous professional development.
The Letter also recommends that CEOs of firms undertaking algorithmic trading activity take responsibility for the findings of this Letter and ensure that it is actioned through the performance of a gap analysis by their Boards by 31 March 2024. CEOs
must also consider the follow up and remediation of any identified gaps, and the Central Bank may consider the content and quality of such gap analysis and remediation plans in future reviews of a firm's compliance. The Central Bank may have regard
to the consideration given by a firm to the matters raised in the Letter, during future supervisory engagement.
4. Responses to the European Commission's FIDA proposals
1. Association for Financial Markets in Europe ("AFME")
The Response stated that AFME supported the Commission's aim of creating a consumer-centric data sharing ecosystem, and believes that, correctly designed, the proposals have the potential to create a more effective and efficient data ecosystem and payments system.
AFME's Response focused on implementation issues and compensation, and a number of key points from the Response are as follows:
- trust is an essential element in building a data-sharing ecosystem, and requires secure data-sharing infrastructure and safeguards regarding the use of data;
- an Open Finance framework must ensure digital operational resilience, cybersecurity and data protection standards which are already applicable to financial institutions, and AFME are concerned that Financial Information Service Providers ("FISPs") may become a weak link if not implemented at the same high standard;
- BigTech gatekeepers should not be allowed to be authorised as FISPs or to use data held by financial institutions under Open Finance until data sharing by these companies has been implemented effectively under the Digital Markets Act;
- reasonable compensation must be included in regulation to preserve the ability and create incentives for data holders to make adequate investments in secure data-sharing infrastructure;
- AFME noted that the greatest potential added value exists for retail consumers, and consequently Open Finance should only be applicable to individuals and SMEs; and
- due to concerns regarding infringement on trade secrets and intellectual property, proprietary and inferred data should not be within scope.
Issues around implementation:
- AFME support narrowing the scope of the data to only capture data provided by a customer and transactional data, and not include inferred data;
- AFME advocates for strong regulation where FISPs have the licences to provide services in scope of FiDA;
- AFME believe that the requirement to share all data in real-time is disproportionately operationally burdensome and does not yield commensurate benefits, but supports data sharing without undue delay;
- AFME recommend an implementation period of at least 36 months for the schemes, and an additional 12 months for the rest of FiDA, with a phased approach that begins with targeted use cases identified as delivering the most significant benefits and requiring limited developments; and
- AFME noted that the proposal lacked a comprehensive impact assessment, and that further analysis is required to determine the impact of FiDA and to develop a suitable phased implementation approach.
- compensation should be market-driven to encourage investment;
- any compensation cap should be limited to the extent necessary, at least to a micro and small enterprises cap: and
- consistent availability of compensation is key across financial services legislative files.
2. Insurance Europe responds to European Commission's Consultation on Open Finance Framework
On 6 November 2023, Insurance Europe responded to the European Commission's ("Commission") consultation on its Open Finance Framework. Insurance Europe welcomed the proposal on Financial Data Access Regulation ("FiDA"), and made a number of observations which are summarised below.
The wide scope of FiDA is a concern to Insurance Europe and it calls for a step by step approach which looks at specific uses to identify where there could be a clear benefit for consumers. It recommended adopting a narrower scope which can be expanded following periodic evaluations where a need and demand have been identified.
Further clarity is needed regarding what categories of sensitive data under the GDPR would be included in the data-sharing obligations. Insurance Europe recommends that the sensitive data that insurers process such as medical data and data relating to possible fraud should not fall within the scope of FiDA. It called for further clarity to be given on the categories of data that should be made available and that FiDA should clearly exclude personal data relating to health.
Insurance Europe recommend that commercial customers be excluded and that FiDA focus solely on retail customers. This would align with the GDPR and data-portability rights for customers.
Insurance Europe raises concerns that FiDA does not include any clear safeguards for the protection of trade secrets or business-sensitive data, and that insurers should not be required to share such information which they have generated and analyses themselves as this is an important competitive factor and innovation driver. It recommended that FiDA does not apply to trade secrets, business-sensitive information or proprietary data that the financial institution has generated, analyses or enriched.
Access to Data
Insurance Europe welcomed the proposal that data users will only be eligible to access data if they are subject to prior authorisation by a competent authority as a financial institution, or as a financial information service provider. While it welcomed the approach which aims to ensure fair and equal access to data based on a level playing field, it outlined certain areas where a true level playing field has not been respected in the FiDA proposal and where it creates inconsistencies with the Data Act.
Insurance Europe welcomed the need to ensure sufficient economic incentives are given to data holders, who will bear the bulk of investment costs, to provide high quality interfaces for making data available to data users and that data holder should be able to request reasonable compensation from data users for putting in place APIs. It recommended that a consistent approach to compensation be introduced and that the provisions in FiDA should mirror that of Article 9 of the Data Act, which permits compensation for both costs incurred in making the data available and the investment in the collection and production of data, as well as the possibility of including a margin.
Cross sectoral Data-sharing
Insurance Europe noted that the failure of the framework to embrace the added value of enabling cross-sectoral data-sharing for financial institutions is disappointing. It recommended that FiDA be amended to include a clarification that FiDA is without prejudice to accessing, sharing and using data on a purely contractual basis without making use of the data-access obligations established by this Regulation.
Insurance Europe raised concerns that the 18 month period for developing a financial data sharing scheme is unrealistic. It recommended a two-stage approach which would include an initial 24 month period for setting up the schemes and relevant standards, and a second 18-24 month stage for the development of the technical infrastructure and IT solutions by data holders based on those standards.
Insurance Ireland responds to European Commission's Consultation on Open Finance Framework
Insurance Ireland also responded to the European Commission's ("Commission") consultation on its Open Finance Framework. Insurance Ireland welcomed the proposal on FiDA, and its response largely reflected the points made above by Insurance Europe.
5. European Updates on MiCA consultations and Instant Payments
EBA publishes third batch of consultations on technical standards and guidelines under MiCA
On 8 November 2023, the European Banking Authority ("EBA") launched consultations on regulatory standards ("RTS"), implementing technical standard ("ITS") and guidelines under the Regulation on markets in crypto-assets ("MiCA"). These consultations represent the third batch of consultations regarding technical standards and guidelines under MiCA. The RTS address subjects relating to
- own funds and stress testing;
- recovery planning;
- reporting; and
- supervisory colleges.
- Draft RTS - issuers of asset-referenced tokens ("ARTs"), regardless of whether they are significant, that invest the proceeds they receive form the issuance of the tokens and form part of the reserve of assets, shall do it in financial instruments that are highly liquid and with minimal market risk, credit risk and concentration risk. These draft RTS specify the financial instruments which can be considered highly liquid and bearing minimal market risk, credit risk and concentration risk;
- Draft RTS on the liquidity requirements of the reserve of assets: the draft RTS specify:
- minimum percentage rates of the rates of the reserve of assets with various maturities;
- techniques for the liquidity management to further specify the liquidity requirements of the reserve of assets; and
- specific minimum amount of deposits in each official currency referenced;
- Draft RTS on the minimum contents of the liquidity management policy and procedures; and
- Draft guidelines on the common reference parameters of the stress test scenarios for the liquidity stress tests.
Own funds requirements and stress testing
- Draft RTS - these specify the procedure and the timeframe for an issuer of an ART to adjust to higher own funds requirements when this is deemed to have a higher degree of risk, the criteria for competent authorities to follow during the assessment of such higher degree of risk and the minimum requirements for the design of the stress testing programmes; and
- Draft RTS on the procedure and timeframe for adjusting own funds requirements for issuers of significant ARTs or of E-money Tokens ("EMTs").
- Consultation paper on draft guidelines on recovery plans: these state that recovery plans should consist of 4 elements: a summary of the key elements of the recovery plan, governance information, a description of the applicable recovery options, and a communication and disclosure plans.
- Draft RTS on the methodology to estimate the number and value of transactions associated to uses of ARTs as a means of exchange and of EMTs as a means of exchange and of EMTs denominated in a currency that is not an official currency of a Member State.
- Draft ITS on the reporting on ARTs and on EMTs denominated in a currency that is not an official currency of a Member State: these outline standard forms, formats and templates for the purpose of reporting by issuers and crypto-asset service providers ("CASPs").
- Consultation paper on draft RTS on supervisory colleges: these specify the criteria for determining 'the most relevant' custodians of the reserve of assets, trading platforms, payment service providers providing payment services in relation to the significant EMTs and CASPs providing custody and administration of crypto-assets on behalf of clients. They also specify the conditions that ARTs and EMTs are considered 'used at large scale' in Member State
The consultations will close to feedback on 8 February 2024.
European Parliament and Council of the EU reach a provisional agreement of the instant payments proposal
On 7 November 2023, the Council of the EU ("Council") released a press release that the Council and the European Parliament ("Parliament") had reached a provisional agreement on the instant payments proposal which aims to improve the availability of instant payment options in euro to consumers and businesses in the EU and EEA countries.
The proposal will improve the strategic autonomy of the European economic and financial sector by reducing over-reliance on third-country financial institutions. Under the proposed rules:
- people will be able to make instant payments which will transfer money within 10 seconds at any time of the day to any EU member state;
- payment service providers will also be required to offer instant payments in euro; and
- charges must not be more than the charges for standard credit transfers.
The Council and the Parliament agreed that the transition period, after which the proposed rules would come into effect, would be faster in the euro area, as the non-euro area would need more time to adjust. The co-legislators agreed that the settlement finality Directive would be adjusted to give access for payment and e-money institutions to payment services, and that adequate safeguards would be put in place to ensure that such access does not cause any additional risk to the system. Instant payment providers will need to verify that the beneficiary's name and IBAN match to alert the payer to any possible mistake or fraud before a transaction is carried out. The Council and Parliament included a review clause which requires that the European Commission present a report on an evaluation of the development of credit charges.
The provisional political agreement, which has not yet been published, must be approved by the Council and the Parliament. Once approved, it will go through the formal adoption procedure.