Changes to improve the robustness of UK AML/CTF measures and the enhancement of supervisory powers are due in 2023, including:
The MLR requirement on reporting material discrepancies between KYC information and information held by Companies House will take effect on 1st April 2023, with the scope of business types being extended to trust and company service providers and LLPs.
Further MLR amendments being enacted by September 2023 include adopting the global standard definition of Proliferation Financing and giving AML/CTF supervisors and authorities greater scope to share intelligence.
The UK Government’s new Economic Crime Levy on AML-regulated businesses will apply for the first time in the 2023-24 reporting year.
The Economic Crime and Corporate Transparency Bill continues to make its way through Parliament with some of its provisions potentially taking effect during 2023 including:
A requirement for directors and Persons with Significant Control (PSC) of companies, as well as general partners of limited partnerships, to verify their identities with Companies House.
The ability to impose discrepancy reporting requirements on any person who is carrying on a business in the UK, including specifying what kind of information a person would need to gather from customers and what they would need to provide to Companies House.
The long-planned adoption of a single EU AML authority (AMLA) is expected in 2023. The EU anticipates this body will deliver uniform regulation and improved coordination across member states. It is envisaged the regime will come into force in 2026, allowing time for consolidated technical standards to be developed. Revised guidance is also expected from the EBA in Q2 on de-risking and in Q4 on risk-based supervision.
Market Abuse Detection
To strengthen market integrity and confidence, a consistent theme from global regulators has been the focus on strengthening measures to prevent and detect market abuse. The UK regulator increased disciplinary action against firms and individuals for failure to implement appropriate measures to counter market abuse. The FCA issued more fines relating to market abuse failures in 2022 than at any point since 2017. This indicates that market abuse systems and controls will be a clear focus in 2023.
UK Cryptoasset Regulation
On 1st February 2023, the UK government set out their proposals for the future financial services cryptoasset regulatory regime. The proposals have been developed with a view to growing the UK economy and embracing the advantages of technological change. The government has outlined plans to build regimes for crypto-lending and regulate a broader set of cryptoasset activities to be more consistent with the approach taken for traditional finance. These changes build upon previous government ‘Phase 1’ proposals covering stablecoin payments and financial promotions.
The FCA have outlined they are working to develop an appropriate regime to support the new regulated activity for the custody of fiat-backed stablecoins which brings with it the requirement for firms to obtain FCA authorisation. In terms of financial promotions, the FCA has repeatedly raised concerns over cryptoasset firms being used as agents for illegal activity and are continuing warnings to consumers on high-risk cryptoasset investment scams. Investment in cryptoassets currently sits outside of the FCA regulatory perimeter as does Crypto marketing, however this is likely to change with the government’s plans to legislate, which includes bringing qualifying cryptoassets into the scope of the Financial Services and Markets Act 2000 (Financial Promotion) Order 2005.
What the Experts Say
Patrick Meighan, Senior Vice President – Regulatory Compliance Product Owner & Model Office Advisor
2023 will be a particularly challenging year for the financial services industry considering the global economic uncertainty, turbulent markets and various regulatory initiatives on the horizon.
Regulators are increasingly focused on good outcomes for consumers and promoting good conduct and culture within firms. With more ESG focused reporting and standards coming into focus this year, I would urge firms to have robust horizon scanning measures in place to ensure they are aware of industry guidance. Whilst undoubtedly more ESG guidance will come, there remains an element of uncertainty as to how firms should build an ESG compliance programme; it may well become a part of a firms KYC checks. However, I would suggest that firms consider what ESG means to their firm and begin to upskill employees in addition to building ESG reporting metrics into their decision-making process.
From a financial crime perspective, 2022 was a year of increased sanctions activity. The global sanctions regime will remain an important element in the fight against crime in 2023, with additional focus on commodities and the introduction of the price cap on Russian oil. The further introduction of a price cap on Russian petroleum products this month will keep Financial Crime and Sanctions experts busy throughout Q1. In addition, an increased focus on holistic monitoring and behavioural trends will be of key importance. This will allow for a well-rounded risk assessment encompassing various elements of concern.
The introduction of DORA further increases regulatory focus on operational resilience, with DORA requiring firms to have a full understanding of their ICT infrastructure and ensure they have a robust risk management programme in place to withstand, respond and recover from ICT disruptions and threats. Firms should take the necessary steps to prepare for DORA requirements by conducting initial mapping and gap analysis exercises and taking steps to mitigate any identified gaps as a result.
Trade and Communication surveillance will remain a key topic throughout 2023 with the increased demand for better data and industry need for holistic surveillance. The increase in regulatory focus on unapproved communication channels (evidenced by large fines in 2022) will lead to more pressure for holistic surveillance. Firms should also ensure they have comprehensive market abuse risk assessments in place as the FCA have noted this need in their Market Watch 69.
With the proposed Edinburgh Reforms and open consultations taking place in 2023 alongside more guidance expected on cryptoassets, it is critical that firms stay on top of industry guidance and potential changes. It is therefore pertinent in 2023 that firms have a robust gap analysis process alongside horizon scanning to fully inform risk management & regulatory change management programmes.
Alexandra Thompson, Vice President – Project Management & ESG
In 2022, we witnessed several global issues and events such as, inflation, war, supply chain issues and climate change related weather events (record heatwaves in Europe, a devastating hurricane in the US and floods covering a third of Pakistan). These significant environmental, social and political crises that occurred over the last 12 months have highlighted the importance of ESG more than ever.
The prevalent impacts of climate change have resulted in the necessity for considerable action to be taken. Recently at COP 27, many countries made pledges to improve their efforts at tackling the climate crisis. Heightened awareness of the risks and impacts of climate change has led to rising pressures on businesses with regards to their ESG approach going into 2023.
Over the next year, ESG regulations will continue to evolve at pace and governments around the world will be making their commitments for the future, meaning companies need to become more astute about how they manage and report data related to ESG.
Increased regulatory pressures will continue to shape the ESG agenda for 2023 and whilst many companies are setting sustainability goals and publishing ESG-related data, some organisations have been found guilty of "greenwashing” (a subject highlighted and discussed at length during COP 27). “Greenwashing” is expected to continue to be a topic of debate in 2023 and company claims around sustainability will need to stand up to scrutiny. If not, companies could face high losses and risks to reputation, as we have seen from ESG-related fines issued in 2022.
It is therefore essential over the next 12 months for financial services firms to clearly understand their current ESG position and approach (including strategy and reporting abilities), as getting it wrong can be hugely detrimental.
Going into 2023 – as awareness and understanding around ESG is growing rapidly for governments, regulators, stakeholders and customers, what is evident is that accountability and transparency is going to be crucial for businesses going forward.
Aisling McGreevy, Senior Associate – Compliance Assurance
On 9th December 2022, the Chancellor of the Exchequer announced The Edinburgh Reforms, a series of proposed revisions to UK financial services regulation including a reform of the Ring-Fencing regime, reforming Short-Selling regulation, publishing an updated Green Finance Strategy, publishing a response to the consultation on expanding the Investment Manager Exemption to include cryptoassets, consulting on Consumer Credit Act Reform, and a review of the Senior Managers & Certification Regime (SMCR).
Under the Reforms, a review of the Senior Managers & Certification Regime (“SMCR”) will commence in Q1 2023, which will be of great interest considering the regulators focus on conduct. Whilst it is presently unclear what the proposed SMCR reforms will look like, it is pertinent that all firms and market participants continually ensure they remain in compliance with the current SMCR framework.
SMCR was designed to reduce harm to consumers and strengthen market integrity by promoting individual accountability and improving the culture of financial services firms. The regime also established a code of conduct through the Individual Conduct Rules and the additional Senior Manager Conduct Rules. Although the FCA maintains that conduct and accountability have improved since the implementation of SMCR, there has been a notable lack of enforcement action taken against Conduct Rule breaches, which raises the question of how effectively SMCR currently operates as a deterrent for misconduct. With this in mind, we can presume the review will initiate several changes to the current SMCR framework.
Critics of the proposed Edinburgh Reforms have denounced the Government’s plans to curtail regulations designed to mitigate risk and protect consumers such as the ring-fencing of retail banking services from investment banking activities. Whilst the Chancellor has defended the proposed reforms, offering assurances they will not increase risk across the sector or undo the work of regulation post-2008, we must be vigilant of the impact any deregulation will have on the industry and consumers.
Alongside the imminent Financial Services and Markets Bill, the Edinburgh Reforms are the Government’s next step towards replacing EU laws and establishing a smarter regulatory framework that will hopefully prompt growth and competitiveness for the UK financial services industry. We will have to consider what that means to SMCR, conduct rules, and the wider regulatory framework in the future.
Gareth Edwards, Vice President – Financial Crime Compliance
The year ahead will remain challenging for firms seeking to maintain compliance with the ever-changing financial crime landscape.
Issuing enforcement action to several banks for AML failings during 2022 the FCA indicated the importance of the focus on:
- effective AML systems and controls to verify information provided by customers
- identifying suspicious transactional activity
- taking prompt and appropriate action where red flags are raised
Firms should be aware of these FCA enforcements in preparing their 2023 compliance programme and act where enhancements are required to mitigate similar incidents from occurring in their business. The proliferation of new sanctions during 2022, brought about primarily by the war in Ukraine created significant compliance challenges for financial services firms. The sanctions risks will undoubtedly continue in 2023, making effective processes and controls in this area key to ongoing compliance.
Proposed regulatory reforms in 2023 will require firms to consider additional compliance resourcing to meet new or enhanced obligations in areas such as support for the expanded role of the Companies Register, and the National Crime Agency’s use of wider information gathering powers. A more comprehensive regulatory regime for crypto issuers and service providers in 2023 will also require firms to ensure effective policies and procedures are in place to meet this rapidly evolving risk.
Aislin Cole, Vice President – Regulatory Compliance
In February, the UK government announced plans for the future of crypto regulation in the UK. These plans include an extension of the regulatory perimeter to cover cryptoasset exchange, custody, and lending activities and carve out key details from prudential requirements to operational resiliency in these areas. The proposals also reference the development of a crypto market abuse regime.
It is clear that recent headlines such as the bankruptcy of the US-based FTX crypto exchange have impelled the government to drive forward with a robust ‘Phase 2’ plan now that we have more knowledge of the detrimental impact on market stability, which is caused by a lack of crypto regulation. The EU are aiming to tackle similar concerns with the implementation of the Markets in Crypto-Assets (MiCA) regulation. MiCA also sets out rules relating to market abuse, disclosure of inside information, insider dealing and market manipulation and is expected to enter into force later this year.
In the US, the federal banking regulators have responded to recent crypto market events by issuing a joint statement on 3rd January 2023 outlining their concerns and risks to banking organisations that are associated with cryptoassets and the cryptoasset sector generally. This statement highlights the importance of ensuring that cryptoasset- related risks do not migrate to the banking system. The risks raised in the statement regarding exposure to scams and awareness of crypto market volatility resonate with the FCA Notice and PRA letter issued to firms in March last year.
In summary, the changes we are seeing in the crypto market are reinforcing the need for broader cryptoasset regulation. Further regulation is likely to increase investor confidence and heighten the appeal and disruption of cryptoasset markets overall. In 2023, we can expect to see greater collaboration between the FCA and government to develop their regulatory approach, however, the continuing challenge and aim for the FCA will be to balance innovation with consumer protection and market integrity.
Stacey McCann, Senior Associate – Regulatory Reporting
High quality data and assurance testing will be more important than ever throughout 2023. With more regulatory changes and go-live dates approaching, preparation for changes such as the CFTC Rewrite Phase II and the EMIR REFIT will likely take priority this year. Emphasis will also have to be placed on any changes implemented in 2022 including SFTR, CFTC and SEC reporting. Firms will need to ensure recent changes do not lead data quality issues. In the MiFID II space, as recently highlighted in the FCA’s Market Watch 70, regulator expectations are increasing, therefore it is crucial that robust and comprehensive testing measures are in place. This should be applicable to other embedded regulations, especially those that have gone without recent change.
Examining quality control and the content of regulatory submissions has become the focus for regulators. Complete, accurate and timely reporting will continue to be the intention for all firms. It is likely firms will use 2023 to plan ahead and ensure testing measures are in place. Firms may need to avail of support from independent solution providers for this to happen and for any deficiencies to be investigated, preferably sooner rather than later.
Improving data quality requires serious consideration and continues to be a constant focus for regulatory authorities. Preparation and action will be key as firms look to stay on top of and prepare for any change. As regulators actively increase oversight, firms should not be complacent nor rely on grace periods if they want to avoid regulatory enforcement for non-compliance.
Philip McAuley, Vice President – Investment Banking, Research & Control Group Compliance
A key element to countering market abuse is the control of information, understanding who has access to what information at any given time. Last year, particular focus was placed on two key areas relating to information control:
- A reduction in the numbers of Permanent Insiders
- Strengthening communications surveillance
Firms have been working to reduce the number of Permanent Insiders within an organisation and this is something I expect to see continue throughout 2023. The FCA’s Market Watch 71 addressed this in early December 2022 where it was noted they have seen the typical number of Permanent Insiders recorded by firms reducing to between 250-450. Insider lists are key to a firm, and a regulators ability to investigate potential market abuse. Having a more accurate picture of those within a firm who have access to specific non-public information will strengthen firm’s abilities to conduct internal investigations into improper disclosure of Material Non-Public Information (MNPI), insider trading and market manipulation.
2023 will bring increased scrutiny on e-communications, specifically use of personal devices to discuss business where MNPI or confidential information is being disclosed. We have seen an increase in regulator focus in this area in 2022 with an array of large fines handed out to various organisations for failure to retain oversight and control over information. The Regulators actions indicate improvements must be made internally through tightening of policies, issuance of firm devices, and more resources available for e-comms surveillance.
Michael O’Neill, Vice President – Trade Surveillance
With increasing complexity in detecting multiple types of market abuse and suspicious trading activity, the scale of the task is becoming more challenging. Regulatory scrutiny is amplifying which will result in increased cost and expenditure of trade surveillance requirements. The risk of non-compliance is at an all-time high.
Surveillance challenges include:
- Disjointed surveillance data resulting in poor quality alert generation
- Lack of transparency for coverage across regions and asset classes
- Implementing a holistic approach to surveillance with current technology
- Evolving digital currency industry and decentralised marketplaces
At present, there is a high number of surveillance tools using a rule-based approach, which can lead to poor alert generation, reiterating the need for investment in surveillance technology.
Additionally, many trade surveillance systems do not integrate communication surveillance to create robust surveillance analysis. During the COVID pandemic, the risk and heightened scrutiny over 'unapproved communication channels' has increased. It has fundamentally changed the way trade surveillance teams review alerts and reiterated the need to adapt. In 2022, many institutions had to detect market abuse surveillance using multiple internal and external systems for Trade & Communication surveillance, the increased scrutiny of communication considering more remote working has increased calls for a holistic approach to allow for full transparency in surveillance.
Integration of multiple surveillance tools is a huge challenge. To overcome these challenges, there is an increased emphasis on trade surveillance solutions to be strongly aided by new technology systems and the transition from legacy technology. These 'new technology systems' will be from enhancements in Artificial Intelligence (AI) and advanced Machine Learning (ML) to identify true exceptions and reduce the number of false positives.
Whilst there continues to be advancements in this area, there are only a small number of industry recognised surveillance solutions providing comprehensive AI and ML. The way in which we think about surveillance is to mitigate key risks as much as possible. With regulatory scrutiny, increased risk, changes to scope and demand for robust surveillance frameworks, there should be a proactive approach rather than a 'tick-box' scenario.
Technology-driven solutions when combined with robust surveillance data can help evolve how we approach surveillance and the detection of market abuse.