
Securities Markets Risk Outlook Report 2023: More of the Same?

For the third year in a row, the Central Bank of Ireland ("Central Bank") has published a Securities and Markets Risk Outlook Report ("Report"). The aim of the Report is, as detailed by Patricia Dunne, Director of Securities and Markets Supervision, to advise "regulated financial service providers, investors and market participants of the key risks and areas of focus for markets supervision" which informs the Central Bank's supervisory engagement for the year ahead.

The Report considers a number of key areas of focus including:

  1. External Risk Environment;
  2. Sustainable Investing;
  3. Market Integrity;
  4. Market Conduct and Risk Management;
  5. Delegation and Outsourcing;
  6. Cybersecurity;
  7. Data Quality; and
  8. Digital Innovation.

Each area of focus is considered in detail by outlining:

  • the Central Bank's observations of what has happened relevant to that area of focus throughout the course of 2022 and the associated risks;
  • its expectations as they pertain to that area of focus/risk (for ease of reference, details of the expectations are set out below); and
  • previously published Central Bank communications and guidance of relevance.

Similarities with last year's report

There are a number of similarities between last year's report ("2022 Report") and this Report. The need to reiterate messages previously delivered and remind firms of communications already issued, some in the very recent past, speaks to the Central Bank's concern around compliance in these areas. In particular, the Central Bank focused, yet again, on the areas detailed below and, in a number of cases, expanded its position on them:

  • Market Abuse Regulations – the Report reminded impacted firms of its industry communication on the outcomes of its Market Abuse Regulation ("MAR") thematic review. It explains that deficiencies in impacted firms' surveillance frameworks and governance arrangements, when it comes to the identification and reporting of suspected market abuse, continue to be an issue. This, the Central Bank explains, will be an ongoing area of focus which they will "actively monitor".
    The Central Bank observes in the Report that while the number of Suspicious Transaction and Order Reports ("STORs") which were received in 2022 represented a 100% increase from that of 2019, given the increase in relevant transactions this is still behind expectations. In particular, the Central Bank highlighted the issues around the submission of STORs by trading venues.
    Again, drawing impacted firms' attention to the MAR thematic review, the Central Bank observes that ineffective frameworks and controls for the management of inside information and the maintenance of insider lists continue to be prevalent. The Central Bank uses the recent sanctions imposed against Philip Lynch, for breaches of these exact requirements, as evidence of the action which it is willing to take to ensure compliance.
  • Conflicts of interest – in particular, the need for policies and procedures addressing conflicts of interest. The Central Bank, in Case Study 2, details the outcomes of a conduct risk assessment on remuneration and related conflicts of interest at a number of firms subject to Markets in Financial Instruments Directive ("MiFID") rules, which identified a "number of issues of significant concern". Impacted firms are expected to address those issues and any existing deficiencies in their policies, procedures and practices.
  • Sustainable Investment/Financing – given the ongoing importance of this area at a European and domestic level, it was not surprising to see many of the same topics addressed in the Report as had been included in the 2022 Report but with a particular, additional emphasis on disclosure and labelling.
  • Delegation and outsourcing – the Report reiterates that the Central Bank does not differentiate between the two practices and reminds firms of the applicability of the Central Bank's Cross-Industry Guidance on Outsourcing to both. In relation to "non-funds" delegation and outsourcing, the Report focuses on the outsourcing of market abuse surveillance to group entities and the Central Bank's expectations in this regard.
  • Data – in this Report, the Central Bank explains that while there have been improvements in the quality of data being submitted to the Central Bank since the 2022 Report, there remain issues in a number of key areas. The Report reminds impacted firms of the need for data to be "complete, accurate and timely".
    Regarding the stated expectations relevant to data quality, the Report includes an additional expectation over and above that included in the 2022 Report which impacted firms should note. That is to "engage with the Central Bank as soon as possible after any data issues are identified. Failure to do so may warrant supervisory intervention up to and including enforcement action."
  • Crypto-assets – building on the risks posed by crypto-assets which were highlighted in the 2022 Report, the Central Bank reiterated its position regarding the appropriateness of crypto-assets for retail investors and that it was "highly unlikely" to approve proposals for the direct or indirect investment by Undertaking for Collective Investment in Transferable Securities ("UCITS") or Retail Investor Alternative Investment Fund ("RIAIFs") in crypto-assets. The Central Bank concluded its commentary on crypto-assets confirming that "supporting the implementation and operationalisation of MiCA will be a priority area of focus for the Central Bank".

Other points of note

Digital Operational Resilience Act ("DORA")

The Report describes DORA as an "important regulatory milestone" in the context of cybersecurity risks. The Central Bank advises securities markets participants to closely monitor the development of DORA. This reference to development likely refers to the Level 2 measures, which are yet to be confirmed. These will be proposed and adapted by the European Supervisory Authorities over the coming 18 months. These measures will focus largely on how the rules will function in practice. Many firms can expect that there will be a need for investment in processes, procedures, systems and expertise to ensure effective implementation.

Central Bank Expectations

Regarding the expectations detailed in the Report, these highlight to impacted firms what they need to do to effectively "identify, mitigate and manage risks in the context of their particular business activities". Impacted firms should carry out a gap analysis of their current governance structures to ensure these expectations are being met. Where shortcomings are identified, actions should be taken to address them without delay.

Additionally, the Central Bank uses three case studies to demonstrate these expectations, as well as additional expectations, and special attention should be given to them.

While not specifically requested, we would also recommend that impacted firms update their boards and relevant senior management on the contents of the Report, and flag the intention to undertake a gap analysis as detailed above and the plan to rectify any shortcomings should they be identified.

Area of focus and Central Bank Expectations (as detailed in the Report)

External Risk Environment - Sanctions

The Central Bank expects Regulated Financial Services Providers ("RFSPs") to:

  • Conduct robust stress testing, updated regularly, to take due account of market dynamics so that all funds are positioned to ensure their liquidity arrangements are sufficient to meet redemptions and margin calls;
  • Ensure that liquidity management tools ("LMTs") are being utilised when needed and that appropriate LMTs are in place;
  • Verify valuations of assets affected by rising interest rates and sanctions; and
  • Have appropriate systems and controls in place to identify relevant sanctioned instruments and individuals to ensure they are compliant with their obligations in relation to financial sanctions.

Sustainable Investing

The Central Bank expects RFSPs to:

  • Ensure they adhere to their regulatory obligations regarding the correct disclosure of sustainability related information in product offerings; and
  • Have robust procedures and policies in place to ensure products marketed as ‘green’ or ‘sustainable’ meet the criteria to be described as such.

Market Integrity

The Central Bank expects RFSPs to:

  • Ensure that frameworks for the identification, assessment and reporting of suspected instances of market abuse are sufficiently robust to identify, manage and mitigate emerging risks in what is a rapidly changing market environment;
  • Monitor all orders and trades, including cancelled and amended orders;
  • Submit a STOR to the Central Bank without delay once there is a reasonable suspicion that the relevant conduct could constitute market abuse; and
  • Maintain robust frameworks and associated controls to comply with the provisions in the Market Abuse Regulation concerning inside information.

Market Conduct Risk Management

The Central Bank expects RFSPs to:

  • Develop and embed more robust frameworks for the identification and assessment of market conduct risk inherent to their business;
  • Manage and mitigate emerging risks in what is a rapidly changing geopolitical and economic environment; and
  • Record business telephone and electronic communications including when alternative working arrangements are in place and ensure communications are not taking place through unauthorised channels.

Delegation and Outsourcing

The Central Bank expects RFSPs to have regard to:

  • The Central Bank Cross Industry Guidance on Outsourcing;
  • The requirements of MAR and MiFID, and ensuring that the firm outsourcing activities retains ultimate responsibility for governance and oversight of the delegated activities; and
  • Oversight and continuous monitoring of any digital processes outsourced to third parties.

Cybersecurity

The Central Bank expects RFSPs to:

  • Note the priorities identified in existing guidance published by the Central Bank on IT and Cybersecurity, Operational Resilience and Outsourcing;
  • Ensure adequate tools and governance frameworks are in place locally to identify, measure, manage, monitor and report ICT/cybersecurity risks;
  • Ensure ICT governance and ICT risk management frameworks are appropriately designed and implemented; and
  • Ensure they have robust ICT/cybersecurity risk management practices in place.

Data Quality

The Central Bank expects RFSPs to:

  • Submit accurate data on a timely basis in line with their obligations;
  • Have appropriate oversight of data reporting from Board level down (including where data reporting is outsourced);
  • Ensure escalation channels are in place to promptly address data reporting issues; and
  • Engage with the Central Bank as soon as possible after any data issues are identified (failure to do so may warrant supervisory intervention up to and including enforcement action).

Digital Innovation

The Central Bank expects Fund Service Providers and Issuers of financial instruments to:

  • Note the requirements of the upcoming Markets in Crypto Assets ("MiCA") Regulation;
  • Be aware that the Central Bank presently considers exposure to crypto assets to be unsuitable for retail investors in line with the joint position of the European Supervisory Authorities; and
  • Ensure that risk frameworks support the identification, mitigation and management of risks arising from the implementation of new technologies.

This article was co-authored by partners Joe Beashel, Louise Dobbyn, Niamh Mulholland and Ian O'Mara and PSL Claire Scannell. Should you have any queries in respect of the above, please do not hesitate to contact any member of Matheson LLP's Financial Institutions Group, or your usual Matheson LLP contact.