BOOKLET
2018/2019 Watchlist
Editorial
Following the principle “Law without enforcement is of no value,” there has been a significant
enhancement of regulatory authorities’ control and enforcement powers. In Hong Kong for example,
the Amendment Ordinance covers the implementation of an Independent Insurance Authority to
oversee both conduct regulation and a new prudential framework, which is one of the most
important reforms in the profession since the 80’s. The Hong Kong Monetary Authority (“HKMA”) fined a
foreign bank HK$7,000,000 due to breaches under the Anti-Money Laundering and Counter-terrorist
Financing Ordinance. In 2017, there were 4 data privacy prosecution cases and a Hong Kong
company director was the first offender convicted of an offence under the Personal Data (Privacy)
Ordinance. Between October 2017 and January 2018, the Singapore Personal Data Protection
Commission issued enforcement decisions against no less than 6 organisations. In March 2018,
the Monetary Authority of Singapore fined a foreign bank and its affiliate a total of S$6.4 million
due to the 33 breaches of anti-money laundering requirements, unsatisfactory risk management
and controls in relation to the transfer of customers between the two parties and the failure to
file suspicious transaction reports in a timely manner. Everywhere else in Asia has adopted a
similar approach: a reinforcement of disciplinary committees, an increase of penalties, publication
of sanctions... Stakes are high for non-complying financial institutions as not only their financial
performance may be impacted but their reputation is also at stake given regulators’ ability to name
and shame.
In light of these constraints, financial institutions are investing heavily in transformation projects
to secure compliance. However, the term “constraints” does not begin to describe the deep
restructuring that will inevitably follow. Indeed, regulations represent a transformation lever largely
underestimated by corporate management who often take a “wait and see” approach when dealing
with compliance issues.
We believe that financial institutions have incentives to anticipate operational impacts of
regulations and make - as upstream as possible - decisions that will enable them to be properly prepared.
With this Compliance booklet, our Asia, US and Europe teams have joined forces to provide you
with factsheets describing the substance and impact of the main - from our perspective - current or
pending regulations in both the banking and the insurance industries. We hope you find this useful
and helpful in managing your regulatory expectations and preparedness.
Vincent Kasbi
Head of Asia
CONFIDENTIAL © Sia Partners
Regulation relating to
the insurance industry
1) PRUDENTIAL REGULATION i.e. to make sure that insurance stakeholders are financially
sound. The Brief notes: “the challenges in the coming years are to implement a Risk-Based
Capital (RBC) framework for insurers and observe the IAIS’s requirements on macro-
prudential surveillance, group-wide supervision and corporate governance of insurers”.
Focus on the IA
PROGRESSIVE TAKEOVER
• The Amendment enforcement is composed of three stages and is taking place over two to three
years to allow for a smooth transition from co-regulation by the OCI and the Self-Regulatory
Organizations to regulation by the IA.
[Figure: progressive implementation from the previous regulatory framework to the future regulatory framework. Insurance companies: OCI, then IA. Insurance intermediaries: Self-Regulatory Organizations, then IA.]
• Establish the PIA: gather funding, hire staff, lease offices, others.
• The PIA was renamed IA, the “independent Insurance Authority”. It took over the duties of the CI and the OCI incl. the prudential and conduct regulation of insurers through GL18 and enforcing the anti-money laundering regulatory regime. The regulation of insurance intermediaries by self-regulatory organizations continues.
• IA to take over SROs functions. A statutory licensing regime for insurance intermediaries will replace the SROs.
Focus on the IA
IA’S NEW AUTHORITY
• The Securities and Futures Commission have empowered the IA to conduct inspections,
initiate investigations and impose disciplinary actions on authorized insurers. A licensee
guilty of misconduct or considered not fit and proper is subject to disciplinary actions.
Moreover, the Insurance Ordinance establishes the Insurance Appeals Tribunal.
• In addition, when the RBC framework comes into force, the IA will have the right to impose a
capital add-on if the standardized approach does not adequately reflect the risk profile of the
insurer or if it feels that the insurer’s ORSA process or underlying ERM framework is weak.
• A total balance sheet approach has been proposed for assessing capital adequacy on the
basis of a consistent valuation of its assets and liabilities.
• The CP proposes that the RBC framework includes two explicit solvency control levels on the Own Funds to
trigger appropriate intervention by the IA in case of breach:
[Figure: solvency control levels (MCR); risk categories: underwriting risk, market risk, credit risk, operational risk; short term / long term]
• In calculating the PCR and the MCR, the Insurance Authority proposed that a standardized
approach will be used initially. However, the IA leaves open the possibility for insurance
stakeholders to use internal models or partial internal models later in the future, without
communicating on a timeline yet.
[Figure: risk appropriation and benefits; increasing chances of capital add-on as less reflective of the true risks underwritten]
PRINCIPLE OF PROPORTIONALITY
The Hong Kong Insurance Authority proposes a principle of proportionality for Pillar 2
requirements, consistent with developments in foreign frameworks.
• The Own Risk and Solvency Assessment (ORSA) process will be overseen by the Board and
Senior Management. It should:
PROCESS
• Cover all material risks that might impact an insurer’s ability to meet its obligations to
policyholders.
• Demonstrate the ability to manage risks and capital under adverse scenarios.
REPORT
• The rationale, calculations and action plans associated with the performance of the
ORSA will be documented in an ORSA report and submitted to the Insurance Authority
annually.
• The ORSA is a process that will require participation of both the management and operational
teams. As such, we recommend anticipating its implementation as soon as possible. Roles
and responsibilities in the project must then be identified in advance for all contributors to be
involved from the early stages.
• To that end, Sia Partners provides below a point of view on expected roles and responsibilities
of the different stakeholders within the ORSA process. Please note that these are our own
considerations and do not derive from official guidance from the Insurance Authority.
[Figure: roles and responsibilities within the ORSA process (CFO / CRO, operational teams)]
[Figure: anticipated comparative workload for RBC framework implementation per work stream]
• Related Regulations:
a) GL16 was issued by the Office of the Commissioner of Insurance in Hong Kong (“OCI”),
now replaced by the Insurance Authority (IA). HKMA also issued two circulars after
consulting OCI to align common objectives regarding customer protection, with consistent
requirements:
Selling of Life Insurance Products dated after 4 August 2015
Selling of Non-Linked Long Term Insurance Products dated after 8 December 2014
b) In May 2016 the OCI started working with the Hong Kong Federation of Insurers to refine
its ‘Duty to Advise’ framework with a fact statement specific to people from mainland
China purchasing insurance policies in Hong Kong.
c) GN15, Guidance Note on Underwriting Class C Business.
Timeline:
8 December 2014: HKMA Circular “Selling of Non-Linked Long Term Insurance Products” is released
30 July 2015: GL16 is released
[Figure: sales process steps]
• Complete Financial Needs Analysis (FNA) Form
• Remind customer of the importance of the post-sale call (if applicable) and the cooling-off period
• Post-sale call (if applicable) to confirm customer’s understanding of fees and charges, payment term,
non-guaranteed benefits, and cooling-off period, etc.
• Ongoing monitoring
IFRS 17
Insurance Contracts
• Scope: Comprehensive and international standard establishing the accounting for insurance and
reinsurance contracts that an undertaking holds.
• Targeted products/services: All insurance and reinsurance companies.
• Regulation topics: Accounting
• Related Regulations: IFRS Insurance Contracts
Timeline:
2004: The IASB issued IFRS 4 Insurance Contracts.
May 2017: The IASB issued the final version of IFRS 17, published by IFRS Foundation.
IFRS 17 is the first comprehensive and truly international IFRS Standard establishing the
accounting for insurance contracts.
IFRS 4
• When applying IFRS 4, companies are not required to account for insurance contracts
in one specific way. Instead, insurance contracts are accounted for differently across
jurisdictions and may even be accounted for differently within the same company.
• Investors and analysts find it difficult to:
identify which groups of insurance contracts are profit making or loss making; and
analyze trend information about insurance contracts.
IFRS 17
• Provides updated information about the obligations, risks and performance of
insurance contracts;
• Increases transparency in financial information reported by insurance companies,
which will give investors and analysts more confidence in understanding the
insurance industry; and
• Introduces consistent accounting for all insurance contracts based on a current
measurement model.
IFRS 17
Insurance Contracts
Definitions
• The Standard uses three measurement approaches:
• The general model requires entities to measure an insurance contract at initial recognition at
the total of the fulfilment cash flows (comprising the estimated future cash flows, an
adjustment to reflect the time value of money and an explicit risk adjustment for non-financial
risk) and the contractual service margin. The fulfilment cash flows are remeasured on a current
basis each reporting period. The unearned profit (contractual service margin) is recognised
over the coverage period.
• Aside from this general model, the standard provides, as a simplification, the premium
allocation approach. This simplified approach is applicable for certain types of contract,
including those with a coverage period of one year or less.
• For insurance contracts with direct participation features, the variable fee approach applies.
The variable fee approach is a variation on the general model. When applying the variable fee
approach, the entity’s share of the fair value changes of the underlying items is included in
the contractual service margin. As a consequence, the fair value changes are not recognised in
profit or loss in the period in which they occur but over the remaining life of the contract.
[Figure: IFRS 17 Insurance Contracts, description and objective panels; change management and training]
[Figure: IFRS 17 Insurance Contracts, objective and functionalities. Functionalities: simultaneous computations on several groups of contracts or generations; simulation of accounting options; what-if analysis; user friendly. Input: parameters; your cash flow projections and/or our projections of cash flow based on your data. Computation: EPV cash flow, risk adjustment, CSM / loss component, PAA allocation for revenues. Output: reconciliation of the insurance asset / liability, statement of profit or loss, analysis of the insurance revenue, comparison between 2 sets of options.]
• The VHIS aims at fostering synergies between the public and private sectors and more
efficient use of public and private healthcare resources:
By improving the accessibility, quality and transparency of hospital insurance,
consumers will have more confidence in making use of private healthcare services.
As more people will be willing to make use of private healthcare services through
the VHIS, resources can be released in the public sector - current capacity as high
as 130 per cent according to the hospital authority - to enhance service quality and
reduce waiting time.
• The government will promote the scheme through tax incentives. Policyholders can claim tax
deduction in respect of:
premiums paid for Standard Plans and Flexi Plans by policyholders (and their
dependents);
premiums paid by employees for Voluntary Supplements.
DESCRIPTION AND CONSULTATION FEEDBACK *
• Guaranteed renewal: No re-underwriting upon policy renewal. Consultation feedback: 73.4%
• No “lifetime benefit limit”: No lifetime limit on cumulative claims amount.
• Coverage of pre-existing conditions: Subject to a three-year waiting period, during which only partial
reimbursement will be provided. Consultation feedback: 78.5%
• Minimum benefit limits: Prescribed levels for benefit limits to provide basic protection to
the public. Consultation feedback: 84.6%
• Standardized policy terms and conditions: Minimize disputes over interpretation of terms and
conditions. Consultation feedback: 80.5%
• Premium transparency: Publish age-banded premium schedules. Consultation feedback: 91.9%
• Employees may procure at their own cost Voluntary Supplements offered by insurers. The
group policy, enhanced by the Voluntary Supplement, should provide insurance protection at a
level comparable to the protection of an individual Standard Plan
• Group health insurance will not be subject to the Minimum Requirements, but employees have
the right to know whether their group plan is compliant with the Minimum Requirements
Migration
• Within the first year of the VHIS, if existing health insurance policyholders choose to migrate to
the VHIS:
Their benefits in existing policies will not be re-underwritten;
Their case-based exclusion in existing policies can be removed (may be re-underwritten
and need to pay premium loading)
Basel III
Purpose of Basel III and Overview of its standards’ implementation in the U.S.
Significant differences in the approach and phase-in have been identified between U.S. Basel III
framework, the Basel Committee’s framework and the European structure (CRD IV).
In April 2014, the U.S. banking agencies issued a final rule to strengthen the leverage ratio
standards for the largest, most interconnected U.S. banking organizations and created the
Enhanced Supplementary Leverage Ratio (ESLR).
Basel III Supplementary Leverage Ratio (%) = Tier 1 Capital / Total leverage exposure
[Figure: a new requirement for U.S. banks; 3% minimum; new eligibility criteria; including off-balance sheet exposure]
Basel III
Basel III Milestones Timeline
2013: Parallel run I: The leverage ratio and its components will be tracked by
supervisors but not disclosed and not mandatory.
2015: Parallel run II: The leverage ratio and its components will be tracked and
disclosed but not mandatory.
FRTB
Fundamental Review of the Trading Book
Key Facts
• The purpose of FRTB is to calculate the capital charges, replacing the existing Basel
approach.
• Following the 2007-08 financial crisis, the Basel Committee on Banking Supervision (BCBS) has
designed rules to address the gaps in the current Market Risk Framework. On January 12, 2016, the
BCBS released the Fundamental Review of the Trading Book (FRTB) to reduce the shortcomings of
the current Basel 2.5 market risk capital framework and reduce the variability of market risk weighted
assets across jurisdictions.
Target Operating Model: Banks may want to change their business strategy and Front Office behavior
to minimize their capital requirements and make less risky trades. The business process will need to be
revised as a desk-level approval process is needed for the IMA approach.
Optimization of capital: FRTB will likely increase banks’ market risk capital requirement. Banks may
need to raise extra capital to be compliant with the revised regulatory framework.
Organizational structure: Banks need to change their governance structure and risk management
reporting structure. Roles and responsibilities are clearly defined, and banks will need to develop a joint
partnership between Front Office and Risk functions to harmonize processes across multiple departments.
Processes, procedures, controls, reporting: Banks will need to put extra business processes, such as
extra modelling, validation tests, reporting and disclosure, in place. Subsequently, operational costs will
increase.
Infrastructure: The new methodologies will require investments in both the hardware and software
systems, especially for the IMA implementation. There is a high demand for data management, data quality
and availability to augment existing ecosystems without impacting “business as usual” so that banks can
support the preparations for FRTB compliance, the migration from current to future steady state and then
the ongoing maintenance under a robust, high performing, transparent and efficient technical environment.
Analytics expertise: The complex modelling and calculation methods require both quantitative skills and
sufficient business experience to correctly interpret the regulatory clause.
FRTB
Regulatory and Implementation Timelines
Regulatory Timeline
Most national regulators have extended the deadline into 2020
[Timeline figure, Jan ‘11 to Dec ‘19 (Jan ‘11, May ‘12, Oct ‘13, Dec ‘14, Jan ‘16, Dec ‘17, Jan ‘18, Jan ‘19, Dec ‘19): Basel 2.5; 1st consultation; 2nd consultation; 3rd consultation; Final FRTB Standards; National Standards; Deadline for Implementation; Approval Process; Implementation by Financial Institutions]
FRTB Milestones
• Final FRTB Standards: Final rule published by the BCBS in January 2016. Completed.
• Approval Process: Continuing as required by each bank, once national rules are in place. Following national rule making.
2019
o Develop pre-trade tools in Front Office to run FRTB development pilots and understand the
impacts before restructuring the business from a risk perspective
o Conceive Technology Architecture and internal policies

o Build the new technology architecture
o Document Risk Management frameworks, policies and procedures
o Execute on the new Business Strategies

o Run the VaR models alongside the new ES mandated by the FRTB and compare results
o Backtest loss estimates of the ES models against historical data to determine model
performance

o Close out all outstanding items on the project plan
o Make note of incomplete items on the project plan in communications with the Regulator
o Ensure readiness for market risk reporting under the new standards by year end
FRTB
Revised Market Risk Capital Requirements Framework
• Boundary of the trading book: There was no clear boundary between the trading and
Banking book.
Consequence: There was a possibility of arbitrage of regulatory capital between the two books
• Standardized Approach (SA) limitations: There is a lack of risk sensitivity in the current
standardized approach, and model reliance to be used by the majority of banks as a
credible fall-back to internal models
• Internal Models Approach (IMA) limitations: Most IMA-based approaches allow for risk-reducing
benefits of hedging and diversification, unstable during times of stress, while they are strictly
limited under the SA approach
Consequence (SA and IMA limitations): there were substantial differences in the capital charge
calculation between the IMA and the SA
FRTB
A Path to Compliance
Planning
1. FRTB Programme Managers
2. Front Office / Treasury Capital Consumers
3. Risk Managers
4. Technology and Data Teams
Success Factors
• Mobilization of an accountable executive to lead implementation across functions (FO, risk,
treasury, finance, operations, IT)
• Strong involvement from top management and FO sponsorship of the project
• Working closely with data management office
IRRBB
Principles for banks
Firms should develop and use their own internal arrangements to identify, measure, monitor and
control IRRBB, ensuring that these are in line with supervisory expectations:
1. IRRBB is an important risk for all banks that must be specifically identified, measured,
monitored and controlled. In addition, banks should monitor and assess CSRBB.
• Officially include CSRBB (Credit Spread Risk in the Banking Book) into the IRRBB
management framework. This is a separate type of risk, but closely associated with IRRBB.
3. The banks’ risk appetite for IRRBB should be articulated in terms of the risk to both
economic value and earnings. Banks must implement policy limits that target maintaining
IRRBB exposures consistent with their risk appetite.
• The bank should have defined risk appetite statements, which are implemented through
risk appetite framework, i.e. policies and procedures for limiting and controlling IRRBB.
These are tied to the measured economic value or earnings.
9. Capital adequacy for IRRBB must be specifically considered as part of the Internal Capital
Adequacy Assessment Process (ICAAP) approved by the governing body, in line with the bank’s
risk appetite on IRRBB.
• ICAAP: Banks are responsible for calculating the level of capital that they should hold in
order to cover all risks
• Level and quality of capital is commensurate with the level of risk and risk appetite
IRRBB
Principles for supervisors
IRRBB
Standardized Framework
The Standardized Framework provides a valid fallback for banks to use. Banks might choose to
adopt it, or supervisors might request that banks use it.
It is a set of rules that can be applied by the banks to calculate the minimum required capital for
IRRBB
The positions in the banking book need to be categorized into one of the 3 categories:
• Amenable Positions: Any position that can be decomposed into notional repricing
cash flows where the maturity or time to repricing is unambiguous
• Not Amenable Positions: Positions that are better suited to banks’ own
independently validated estimates of key risk parameters;
• Less Amenable Positions: Any position where the notional repricing cash flows have
maturity or repricing uncertainties that can be quantified. Usually refers to the
automatic interest rate option
Stage 3, Sensitivity calculations: Compute change in EVE (6 IR shock scenarios) for each currency.
The sensitivity calculations are based on 6 shock scenarios.
Stage 4, Integration of additional changes: Add-on: option value changes under IR shock scenarios.
Stage 5, Currency aggregation: Currency aggregation for each scenario (6 of them).
Stage 6, Calculation: IRRBB minimum capital requirements. The maximum ΔEVE among the 6 scenarios.
Assessment of Expected Uses and Sources of Capital
• Estimates of projected revenues, losses, reserves, and pro forma capital levels
• A discussion of how the firm will maintain all minimum regulatory capital ratios
under expected conditions and the required stressed scenarios.
• A discussion of the results of the stress tests required by law or regulation and
an explanation of how the capital plan takes these results into account.
• A description of all planned capital actions by the firm over the planning
horizon.
Firm’s Capital Policy
• Provides the firm’s policies outlining the principles and guidelines used for
capital planning, capital issuance, usage, and distributions.
QUALITATIVE
• In conducting the qualitative assessment, the Federal Reserve evaluates firms’ capital
planning practices, focusing on six areas of capital planning—namely, governance, risk
management, internal controls, capital policies, incorporating stressful conditions and
QUANTITATIVE
• The Federal Reserve’s quantitative assessment of a firm’s capital plan is based on the
supervisory and company-run stress tests that are conducted, in part, under the
DFAST rules.
• The quantitative assessment of a firm’s capital plan in CCAR includes a supervisory
assessment of the firm’s ability to maintain capital levels above each minimum
regulatory capital ratio, after making all capital actions included in its capital plans,
under baseline and stressful conditions throughout the nine-quarter planning horizon.
See table 1 for a list of the ratios that are applicable to firms participating in CCAR
2018 over the planning horizon.
• Beginning January 1, 2018, the minimum supplementary leverage ratio (SLR)
requirement of 3 percent applies to firms that meet the thresholds for applying the
advanced approaches framework. For purposes of CCAR 2018, firms must report their
SLR using data as of December 31, 2017.
• The quantitative and qualitative assessments serve as the basis for the Federal
Reserve’s decision to object, or not object, to a firm’s capital plan as a part of CCAR. The
decisions for all firms participating in CCAR 2018, including the reasons for any
objections to a firm’s capital plan, will be published on or before June 30, 2018. In
addition, the Board will separately publish the results of DFAST under the supervisory
severely adverse and adverse scenarios.
• DFAST uses the same supervisory stress test as in the CCAR quantitative
assessment, but with different capital action assumptions.
Note: All regulatory capital ratios are calculated using the definitions of capital, standardized
risk-weighted assets, average assets (for the tier 1 leverage ratio), and total leverage exposure
that are in effect during a particular quarter of the planning horizon. The advanced approaches
are not used for purposes of these projections.
* Supplementary leverage ratio applies only to advanced approaches firms.
CCAR 2018
Capital Plan non-objection: For purposes of CCAR 2018, if a firm receives a non-objection to its
capital plan, the firm generally may make the capital distributions included in its capital plan
submission beginning on July 1, 2018, through June 30, 2019, without seeking
prior approval from or providing prior notice to the Federal Reserve.
Capital Plan Objection: If a firm receives an objection to its capital plan, the firm may not make any
capital distribution other than those capital distributions with respect to which the
Federal Reserve has indicated in writing its non-objection.
Disclosure of Supervisory Assessments: At the completion of the CCAR process, the Federal Reserve
will publicly disclose its decision to object or not object to a firm’s capital plan. The Fed will
include in its CCAR disclosure the results of its post-stress capital analysis for each firm,
including firm-specific post-stress regulatory capital ratios (tier 1 leverage, common equity
tier 1, tier 1 risk-based, and total risk-based capital ratios, and supplementary leverage ratio),
estimated in the adverse and severely adverse scenarios.
The disclosed information will include minimum values of these ratios over the
planning horizon, using the originally submitted planned capital actions under the
baseline scenario and any adjusted capital distributions in the final capital plans.
Resubmission: If a firm receives an objection to its capital plan, it may choose to resubmit its
plan in advance of the next CCAR exercise in the following year. For instance, a
firm may choose to resubmit its capital plan if it believes it has fully and effectively
addressed the Board’s supervisory concerns with the firm’s capital position
or capital planning process. In addition, pursuant to the capital plan rule, a firm
must revise and resubmit its capital plan if it determines there has been or will be
a material change in the firm’s risk profile (including a material change in its business
strategy or any material-risk exposures), financial condition, or corporate
structure since the firm adopted the capital plan.
Execution of Capital Plan and Requests for Additional Distributions: The capital plan rule provides
that a firm must request prior approval of the Board for capital distributions if the dollar amount
of such capital distributions will exceed the amount described in the non-objected to capital plan.
A firm that is well capitalized may make additional capital distributions not to exceed 0.25 percent
of the firm’s tier 1 capital without seeking the Board’s prior approval if certain
conditions are met.
CRD V Package
Capital Requirements Directive V and Capital Requirements Regulation II
Principles and Objectives
To further strengthen the existing regulatory framework currently in place for financial
institutions operating in the European Union, the European Commission has released its most
recent amendments known as the ‘CRD V package’. The package addresses improvements to the
Capital Requirements Directive and the Bank Recovery and Resolution Directive, as well as the
introduction of Basel III provisions into EU law. The purpose is to align with international
regulatory standards while maintaining EU-specific interests.
Timeline:
July 2013: Transposal of CRD IV/CRR, which focussed on prudential requirements and activity of
credit institutions and investment firms
Jan 2014: Implementation of CRD IV/CRR regulations and directives in full force
Leverage Ratio
• Introduces a binding 3% requirement
• For qualifying FIs, exposure ratio can be reduced by the amount of:
• Pass through promotional loans and officially guaranteed export credits
• Initial margin received for derivatives
• Lending provided to public sector investments
• Leverage ratio must be applied in addition to existing risk-based capital requirements
• Firms need to determine if they qualify for reduced leverage ratio requirements
Proportionality
• Amended reporting schedule, disclosure, and remuneration requirements for small
institutions
• Maintenance of SME Supporting Factor and reduced capital charges for qualifying
infrastructure investments
• Review definition of “SME” and, as appropriate, ensure application of concessions across
all aspects of the reform package
Key Facts
• Title: European Banking Authority Report on Funding Plans
• Date: Submission of data for the analysis was 10th July 2017.
• Scope: 155 banks including subsidiaries from the European Union banking system.
• Relevant activities: EBA Guidelines on harmonised definitions and templates for funding
plans of credit institutions
• Relevant activities: Banking resolution, bank funding.
• Related Regulations: Banking Recovery & Resolution Directive (BRRD)
The analysis
• Uses 31 December 2016 as a reference date
• Covers actual figures for 2016
• And forecasts for three subsequent years (2017 to 2019)
Pressure on interest income will rise amid necessary changes in the funding mix
• There is a need to issue further MREL-eligible instruments, generally more expensive than
ineligible senior unsecured instruments
• Winding down of central bank funding support will put pressure on future funding costs
• Prices will also increase when secondary markets for debt securities are no longer supported
Stress Testing
Financial stability and stress testing
• Regulation topics:
- Comprehensive Capital Analysis and Review (CCAR)
- Dodd-Frank Act stress test exercises led by the Federal Reserve
- Comprehensive Assessment led by the European Banking Authority and the Bank of
England’s annual cyclical scenario (ACS) framework
2017: ACS framework was extended to include additional exploratory scenarios, taking into
account the resilience of the system against risks that were not systematically linked to
financial markets
Stress Testing
Risk Assessments
Macroeconomic Stress
Assessing domestic and global market risks allows the FPC and the PRA to determine the UK
activity risk level and calibrate the severity of the relevant scenarios
• Domestic environment:
• Output: GDP contraction of 4.7% over the first year with unemployment peaking at
9.5%. Large depreciation of the sterling with increased inflation to over 5% by the end
of 2019 following higher import prices. Residential property prices fall with a sharp
decrease of 33%
• Credit: Lending to the UK real economy increases by around 2% across 5 years
reflecting increased credit demand
• Global environment:
• Global growth: challenging macroeconomic environment with a 2.4% GDP
contraction over the first year with severe and synchronised slowdowns
• China: significant economic slowdown with a contraction from 2017 onwards hitting
a -1.2% low by end-2018 and rising to 4.8% on average until 2022
• EU: high unemployment rate reaching up to 13% in 2019 leading to weaker demand,
lower commodity prices and weak inflation throughout the scenario
• US: 21% versus 33% fall in residential and commercial real estate prices respectively,
3.5% GDP contraction across 5 years, increasing corporate credit costs leading to
decreasing profitability
• Commodity: weak global demand with falling oil prices to US$29 per barrel until
2020 and generally weak prices for other commodities until 2022
Quantitative differences between the 2016 and the 2018 macroeconomic scenarios
Note: GDP and unemployment shocks represent the first year of the scenario. Real estate prices shocks take
place from peak to trough.
Beyond the assessment of domestic and global macroeconomic factors, this scenario is used to examine the resilience of the investment banking operations to conditions likely to have material impacts on a bank’s profit and loss e.g.:
• Equity prices (FTSE 100): apply a price shock of -11% to a bank’s most liquid positions and a shock of -45% to its least liquid ones
• Credit default: examine the ability of a bank to withstand the default of seven counterparties that would be vulnerable to the macroeconomic scenario
• Economic activity: recalculate stress scenario revenues and cost projections for an Investment Banking division, assuming a fall in financial market volumes as a result of reduced economic activity
Overall, the 2018 stress scenario is more severe than the 2008 financial crisis with deep simultaneous recessions in the UK and abroad, and large falls in asset prices
• Types of Shocks
- Instant/progressive
- Occasional/lasting
- Limited/global
- Internal/external
- Qualitative/mechanical
• Types of Scenarios
- Historical
- Hypothetical
- Adverse
- Stress
Note: The FPC and the (PRC) will include the ring-fenced bank sub-groups of the existing participants separately in the 2020 annual stress test after the introduction of the ring-fencing requirements on 1 January 2019.
Misconduct Stress
The ACS also incorporated stressed projections for potential misconduct fines as of the end of 2017 either by mis-selling payment protection insurance or misconducts linked to wholesale market activities
Banking Models
Banks are expected to incorporate multiple risk models into their 2018 concurrent stress test:
• Balance sheet: project changes in the size and the composition of their balance sheet, corporate plans, growth and contraction scenarios
• Credit risk and IFRS 9: reflect the change from incurred loss provisioning to ECL provisioning,
and calculate impairments and risk-weighted assets (RWAs) per asset class and country of
exposure
• Market and counterparty credit risks: calculate stressed losses and RWAs for fair-value
position depending on market risks, counterparty credit risks and credit valuation adjustment
(CVA) risks
• Prudential Valuation Adjustment (PVA): assess the impact of a shock to the funding and
investing cost component of PVA
• Structured Finance: perform stresses including exposures to third-party cash or synthetic
securitisations, own-originated securitisations, third-party covered bonds
• Interest income and interest expense: assess the vulnerability of institutions’ net interest income to the interest rate and economic environments
• Other income and costs: perform stress tests on retail and wholesale products fees and
commissions
• Operational risks and misconduct costs: project operational risk losses
• Pension risk: stress the surplus or deficit of banks’ pension schemes
CONFIDENTIAL © Sia Partners
ANACREDIT
Constructing a European statistical database for credits for all Euro Zone participant countries
Introduction and objectives
AnaCredit Snapshot
• Name: AnaCredit - Analytical Credit Dataset
• Publication date: 21st February 2014
• Implementation date: 3 stage implementation (March 2018, July 2019 and September 2020)
• Applicative scope: Financial institutions operating in the Euro Zone, with a focus on credit institutions under the Capital Requirement Regulation (CRR)
• Products / services concerned: Increased granularity of credit data initially to legal entities only, then subsequently to private individuals
• Regulatory family: A collection system of granular data, implemented by the ECB -> External regulatory reporting
• Reporting Frequency:
- At the time of new data availability
- Monthly (information on collateral…)
- Quarterly (accounting data, risk data…)
Principles and objectives
• AnaCredit aims to construct a European statistical database for credits for all Euro Zone participant countries. The premise is the collection of new granular credit data to meet large user needs (national central banks, ECB, etc.) and to drastically improve transparency
• The credit database will hold between 100-200 credit risk criteria grouped into 6 categories, which are to be communicated to the European Central Bank (ECB): Lender/borrower data, valuation measures, Risk measures, loss measures (potential), state of Balance Sheet, Risk exposure factors
• AnaCredit requirements involve the collecting, processing, analysis and feedback of information. AnaCredit data collection is to be monthly for large banks and quarterly for smaller banks
[Diagram: Centralise, Store, Analyse, Feedback, across Regulatory Management, Referentials, Reporting, Finance data, and Business Intelligence & operational integration]
• The principal objectives of the ECB addressing granular credit data collection:
- Better respond to a number of monetary policy issues
- Better evaluate the credit needs of national banks facing the ECB
- Better calibrate risk control and collateral management in the Eurosystem
- Improve transparency and financial stability in the Euro Zone
Timeline
• 21st February 2014: Publication of AnaCredit
• July 2015: First progressive implementation phase
• 1st March 2018: Stage 1 - Compliance for credit institutions solely for business loans
• 1st July 2019: Stage 2 - Financial derivatives, accounts receivable, off-balance sheet commitments
• 1st September 2020: Stage 3 - Mortgages, credits to individual entrepreneurs
Regulatory Considerations and Impacts
Main regulatory evolutions, impacts and Considerations of AnaCredit
Evolution | Description | Impacts | Considerations
What’s Changed?
• The CECL model is based on future expected losses, NOT on incurred losses recognized once impairment is determined with certainty, which is the current model.
• Adopters will be required to use historical data, current market conditions and forward-looking forecasted loan and lease performance estimates to determine the expected loss over the entire life of the loan/lease.
• The current CECL model will require a more comprehensive review of existing loans and leases to determine
future expected losses, even for those assets that are currently performing without any indication to the contrary.
Modifications of financial assets | Concessions provided to a troubled borrower are treated as a continuation of the original agreement | N/A
Non accrual practices | Permitted | Not permitted
MiFID II
Review of the Markets in Financial Instruments Directive
• Scope:
- EU Investment firms and credit institutions providing investment services and/or performing investment activities
- EU Market operators
- All EU financial and non-financial counterparties as defined in Articles 2(8) and 10(1)(b) of EMIR
• Targeted products/services: all financial instruments
• Regulation topics:
- Market infrastructure
- Transparency and reporting
- Investor protection
- Facilitation and harmonization of EU market access
• Related regulations:
- Markets in Financial Instruments Directive (MiFID I)
- Regulation (EU) No 648/2012 on OTC derivatives, central counterparties and trade repositories (EMIR)
- Market Abuse Directive and Regulation (MAD and MAR)
Principles and Objectives
MiFID II was created to address the gaps in MiFID I revealed by the financial crisis, with eight primary objectives:
1) Enhance the protection of investors by increasing compliance obligations on EU investment firms
2) Grant EU regulators the mandate to ban certain activities and products
3) Tighten regulations around algorithmic/high-frequency trading
4) Improve market transparency and transaction reporting
5) Bring more trading in EU regulatory scope by implementing commodity derivative position limits/reporting and creating a new type of regulated trading venue – Organised Trading Facility
6) Restrict the use of waivers for dark-pool trading
7) Strengthen governance requirements and enforce accountability
8) Implement a harmonized regime that governs the ability of third country firms to access the EU market
September 2019: Commission to report provision of EU-wide consolidated tape
February 2018: FCA published algorithm trading report
January 2018:
• MiFID II and MiFIR effective date, MiFID I replaced
• FCA/BoE/BaFin grants grace period (~30 months) to ICE/LME/Eurex on clearing rules
• ESMA grants 6 month grace period on LEI requirement, FCA welcomes
July 2017: Transposition into national laws (publication no later than July 3rd 2017)
April - May 2016: Publication of 3 Delegated Acts by the European Commission to enforce the ESMA standards
• FCA gives 30 month grace period to ICE and LME. Similar approach is adopted by BaFin.
• New trading venue Systematic Internaliser attracts algo. traders such as Jane Street and Citadel to operate in equities. JPM/GS/UBS/DB confirmed to become SIs for equities, fixed income and derivatives, BNPP for some non-equity instruments and ETF, Barclays/Nordea/Mizuho for fixed income.
April 2004:
MiFID effective date
MiFID (Directive 2004/39/EC) adopted by the European Parliament to replace the 1993 ISD Directive
Transaction Reporting
Requirements:
• Report to the National Competent Authority of the parent company on T+1 all trades executed during the trading day to enable the identification of market abuse
• 80 fields to capture including but not limited to LEI, client ID, trader ID, algorithm used, decision maker ID, ISIN, quantity and trading hour
Operational Impacts in the U.K.:
• New data capture and management
• New reporting obligations
• Internal alignment with EMIR reporting
Reverse Solicitation
Requirements:
• Third country firms who do not apply for authorisation will still be allowed to serve and deal with EU clients, provided that it is at the specific request of the client.
Operational Impacts in the U.K.:
• None as long as the firm does not engage in direct marketing
Key Facts
• Title: BRRD - Banking Recovery and Resolution Directive (2014/59/EU)
- MREL – Minimum Requirement for own funds and Eligible Liabilities
- TLAC – Total Loss Absorbing Capacity
• Date of adoption: 15 May 2014.
• Effective date for revisions:
- MREL: 1 January 2020
- TLAC: 1 January 2022
• Scope:
- BRRD / MREL: All European financial institutions
- TLAC: G-SIBs
• Relevant activities: All types of banking activities at consolidated and non-consolidated levels.
• Related subjects: Banking resolution.
• Related regulations:
- Key Attributes of Effective Resolution Regimes for Financial Institutions (FSB).
- Banking Union: single mechanism of resolution (ECB).
While MREL and TLAC may have similar objectives, their differences lie in application. Key points
being: scope, calculation, and enforcement criteria.
While the package CRR / CRD IV aims at reducing the probability of bankruptcy of a given institution, the BRRD framework, revised to include MREL and TLAC requirements, aims to prevent, manage and reduce the societal impact of bankruptcy.
*MREL, new ratio of minimum requirement for own funds and eligible liabilities during a bail-in.
**TLAC is a global standard applicable to GSIBs only.
Date Comment
May 2014 Adoption of BRRD
SFTR
Transparency and transaction reporting for securities financing instruments
Article 4 focus – Transaction reporting
Article 4 identifies in-scope entities for reporting obligations and processes to report required
data. The article also considers what information needs to be reported.
• All SFTs concluded, modified or terminated after the 12th January 2016
• Exemptions: (1) Entities: Members of the ESCB, other EU public bodies with similar functions, EU public bodies charged with or intervening in the management of the public debt; BIS; (2) Transactions with the ESCB being a counterparty do not need to be reported
• SFTs concluded before 12th January 2016 shall be reported if:
> The remaining maturity exceeds 180 days
> for those SFTs which have an open maturity, those that remain outstanding 180 days after that date
• Trade repository (TR) approved for SFTR (list of approved TR available on ESMA website)
• TR must ensure the confidentiality, integrity and protection of data received
• Extended approval may apply for trade repositories recognised under EMIR
> ESMA has 20 working days to assess the completion of the application
> ESMA has 40 working days to examine the compliance of application for registration or extension of registration
• If no TR is available, counterparties shall ensure that reporting is done to ESMA
• Details on any SFTs shall be reported the working day following the conclusion, modification or termination of the transaction (T+1)
• If SFT has been concluded before the 12th January 2016, the information should be reported within 190 days of the date of application of the SFTR reporting requirements
Who needs to report?
• All counterparties (financial and non-financial) to SFTs must report
• If the counterparty is a non-financial party and qualifies as SME under Directive 2013/34/EU, the financial counterparty must report both sides of the transaction
• For undertakings in collective investment, the ManCo of the UCITS or AIFM are responsible for the reporting
• The reporting obligation may be delegated to a third party
What information to report?
• The parties to the SFT and the beneficiary of the rights and obligations arising therefrom
• Inter alia: the principal amount; currency; assets used as collateral and their type, quality, and value; the method used to provide collateral; whether collateral is available for reuse; in cases where it is distinguishable from other assets, whether it has been reused; any substitution of the collateral; the repurchase rate, lending fee or margin lending rate; haircut; value date; maturity date; first callable date; market segment
• Depending on the SFT: cash collateral reinvestment and securities or commodities being lent or borrowed
• ID Data: LEI, ISIN, UTI
• Counterparties shall keep a record of any SFT that they have concluded, modified or terminated for at least five years following the termination of the transaction
• In force since 12 January 2016
SFTR
Not just a simple compliance exercise, SFTR poses additional challenges
Topic Insight
Regulatory overlap • SFTR is not the only regulation to require reporting of certain trades and
transactions. Most notably EMIR and MiFID II have similar key
components. Unfortunately they aren’t always aligned, creating
additional complexity.
• In addition, there are currently several other trade reporting
requirements, including those to be implemented in the coming years,
that will further overlap (e.g. CSDR).
Technology implications • SFTR is more than a simple reporting issue as it requires firms to supply
a number of matched data fields that need to be agreed with
counterparties. While some element of leniency will be allowed, getting
all data fields within the reporting requirement to line up, will still be
quite a challenge.
• This is further complicated as a result of the likely regulatory overlap.
Systems and processes will need to be able to accommodate the
various permutations.
Pragmatism • The SFTR reporting requirements will add to the significant increase in
data being reported.
• Historically, the data reported has not been of particularly
great quality (for example see MiFID 1 reporting). It is optimistic to think
that the quality of data will improve significantly especially given the
challenges.
• This in turn challenges how useful the data will be in trying to achieve
the aims for which the data was collected in the first place. Here we can
only wait and see, but there is a significant risk that the huge implementation
costs only achieve limited aims.
Operational Impacts
Overall Implementation Timeline
• Proposed 24 months implementation period, and 6 months testing period upon issuance of revised Notice.
• Banks and Merchant Banks are to provide updates on implementation progress every 6 months.
System and Process Challenges
• Immaculate coordination between Front, Middle and Back office within Banks to complete transition.
• Current procedures and technological systems may not be set-up to handle the new reporting standards.
• Short-term processes may be required as Banks review strategic solutions to meet reporting requirements.
While many of the SEC Rules have been finalized, there are a set of rules that are not yet final. Once they have been finalized, it will trigger a registration clock that will be approximately 6-7 months. Additionally, similar de minimis thresholds will be established for SEC Swap Dealer Registration.
The final rules that need to be completed have been outstanding and in various states of review for the past 18 months. With the recent change in the Executive Branch of the US Government, there was a freeze placed on all new regulations. All pending regulations, including the final SEC Swap rules, needed to go under a review. Currently there is indication that these rules will be finalized towards the end of 2018. That is approximately one year after the previously anticipated completion date.
There is talk coming from the regulatory agencies, specifically the CFTC and the SEC, to suggest that there might be more coordination of rules which may have the effect of delaying the final rules further.
August 14, 2015: Registration Rules Finalized. Registration is to become effective 6 months after the last set of rules for Capital, Margin and Segregation, Business Conduct Standards or the recordkeeping and reporting have been published in the Federal Register.
February 10, 2016: Non-US Person defined
April 14, 2016: Business Conduct Standard Rules Finalized. This is the first of the rules that is required for registration but not the rule to trigger registration.
July 14, 2016: Additional rules for Securities-based Swap Reporting are finalized.
Compliance Assessment
Program
Elements NFA Exam Preparation and Regulator Expectation Management
In order to assess the level of compliance and the robustness of a client’s Swap Dealer program,
we have developed the “CFTC Rules Matrix” tool. The Matrix tool details the requirements for all
CFTC Swap Dealer Rules and allows us to map to the following elements:
The Matrix allows our clients to track with precision how they are complying with each requirement
of the rules. The additional tools being developed will allow our team to automatically evaluate
transactions for proper reporting requirements to the swap execution facility (SEF) and swap data
repository (SDR) and other transaction level testing necessary to prepare for an NFA examination
or SEC Swap Dealer registration.
Prepare the SD for compliance with multiple substantive regulatory requirements and registrations
including the 4s Attestation.
• Identify Applicable Rules:
Review SD activities to determine applicable rules and regulations across multiple jurisdictions.
• Policies and Procedure Review:
Evaluate Policies and Procedures to determine compliance with applicable rules and regulations.
• Process and Control Evaluation:
Conduct walkthroughs with key points of contact to document SD processes and identify controls.
• Compliance Gap Analysis:
Assess the compliance level of the Swap Dealer program, and identify any gaps in P&Ps, processes and
controls against the rules, regulations and requirements.
• Design Gap Remediation Plan:
Provide recommendations for closing the gaps identified during the assessment.
• Independent Review/Audit:
as required by Rule 23.600(d), 23.600(e), 23.601(h) and 23.603(g).
• Exam Overview:
Providing guidance on how clients should prepare the firm upon onsite regulatory exam.
Examinations
Stock T+2
Shortening the Stock Settlement Cycle to T+2
Shortening the stock settlement cycle to T+2 aims to:
- reduce settlement risks
- enhance the liquidity, stability, and efficiency of the JGB market and the money market
- bolster competitiveness among global markets
The Final Report proposes to revise the operational framework and to develop market
infrastructures for T+2 implementation in Q2 of 2019.
Conduct Risk
Importance of Conduct
Definition
• Conduct refers to the behaviour and integrity of financial services firms towards their clients, counterparties and other participants in the financial markets. Conduct risk is the risk of a company’s or its personnel’s activities having an unfavourable impact on clients or customers, or negatively impacting overall market stability and fairness.
Examples of Misconduct
• Between 2012-2016, the world’s leading 20 banks were hit by conduct charges of a whopping $350 billion globally¹. Below are some of the most recent, top ticket events that took place in the second half of 2017:
• Credit Suisse fined $135m by NYDFS for failing to implement effective forex controls
[RiskNet, Dec 2017]
• U.S. fines HSBC $175 million for lax forex trading oversight [Reuters, Sep 2017]
• BNP Paribas Fined $246 Million Over Currency Manipulation [Bloomberg, Jul 2017]
Conduct Risk
State of Regulations and Guidelines Globally
CORE PRINCIPLES² | US | EU | UK | Hong Kong | Singapore | Thailand | Malaysia
Board / Senior Management Leadership & Accountability | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓
Fair Treatment of Clients | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓
Remuneration & Incentive Structure | ✓ | ✓ | ✓ | ✓ | ✓ | ✗ | ✓
Conflict of Interest | ✓ | ✓ | ✓ | ✓ | ✗ ³ | ✓ | ✓
Product Suitability | ✓ | ✓ | ✓ | ✓ | ✓ | ✗ | ✓
✗ No or limited availability of Guidelines / Regulation
✓ Key Guidelines / Regulation available
1 The countries identified Selection of recent conduct developments across US, EU & Asia since 2016
2 The Core Principles of Business Conduct are a selection of possible principles as identified and determined by Sia Partners
3 Limited coverage through Guidelines on Addressing Conflicts of Interest Arising from Research Analysis or Reports
Conduct Risk
Common Requirements & Operational Impacts
Governance & Organization
Common requirements:
• Ensure effective governance structures and mechanisms are put in place that enable appropriate oversight, supervision and controls
• Ensure clear roles, responsibilities, accountabilities and appropriate and transparent reporting lines
• Ensure conduct supporting remuneration structures
Operational impacts:
• Define and map out clear roles & responsibilities and appropriate reporting lines, define accountability for dual reporting lines or where superiors are located outside the respective jurisdiction / location and ensure escalation procedures to be in place
• Establish conduct risk related forums to review and discuss issues and decide on business appropriate processes
• Establish a strategic balanced scorecard and define key KPIs/KRIs
Manager-in-Charge Regime
Augmenting Senior Management Accountability for Licensed Corporations
• Regulatory measures:
- Meaning of senior management
- A standardised format for information submission in respect of management structures
- Alignment with the existing regime governing responsible officers (ROs)
- Corporate governance of licensed corporations
• Related regulations:
- General Principle 9 and Paragraph 14.1 of the Code of Conduct for Persons Licensed by or Registered with the SFO
- The Internal Control Guidelines issued by the SFC
- The Guideline on Anti-Money Laundering and Counter-Terrorist Financing
18th April 2017: MIC regime commenced operation.
Since February 2017: The SFC conducted industry workshops to explain MIC measures and new features of the SFC Online Portal for submitting MIC information.
16th December 2016: The SFC issued a circular to introduce the MIC regime.
The regulatory regime aims to provide clarity on the accountability, the regulatory obligations and the potential liabilities for senior management of licensed corporations. The SFC may impose disciplinary sanctions on a regulated person if the person is found guilty of misconduct or is considered as not fit and proper.
‘Fit and Proper’ Person; Knowledge and Experience
Descriptions:
• Each director, RO and MIC must be a ‘Fit and Proper’ person.
• The MIC can be located in or outside of Hong Kong and need not be an employee of the licensed corporation. However, the MIC should hold a position of authority within the corporation and be properly accountable to the dedicated functions.
• A licensed corporation should possess formal documentation with board approval on the organisational structure, including roles, responsibility and reporting lines to ensure that the accountability of each MIC is clearly defined.
Operational Impacts:
• Hiring of directors and senior management should be planned ahead.
• The candidates’ knowledge, experience and reputation should be considered during the recruitment process.
• The licensed corporation should provide appropriate and structured training programmes to ensure the senior management acquire the relevant skillsets and practical experiences.
Legal liabilities of senior management
Descriptions:
• The SFC may impose disciplinary sanctions, including but not limited to a fine, revocation or suspension of the licence / approval to be an RO and reprimand a regulated person (whether or not it is a licensed person) if he/she is considered not fit and proper or guilty of misconduct in the management of the business.
Operational Impacts:
• Policies and procedures should be updated / in place to reflect the MIC regime.
Roles and responsibilities of the Board
Descriptions:
• The Board members have the ultimate responsibility for the delegated decisions and should ensure that sound systems and controls are in place to supervise those who are accountable to the Board.
Operational Impacts:
• The Board members should work with senior management to efficiently run the organisation.
• The management structure should be approved by the Board and the Board should ensure MICs acknowledge the appointment as MICs of the particular Core Function.
SVF Licensing
Regulatory Regime for Stored Value Facilities in Hong Kong
January 1997: The Banking Ordinance was amended to introduce a legal framework to regulate issues around multi-purpose stored value cards.
• Related regulations:
Payment Systems and Stored Value Facilities Ordinance (PSSVFO)
Principles and Objectives
The Payment Systems and Stored Value Facilities Ordinance (PSSVFO) took effect on 13 November 2015 with a one-year transitional period for existing and new issuers of SVFs to apply for a license from the Hong Kong Monetary Authority (HKMA). From 13 November 2016 onwards, it will be illegal for any issuers, unless exempted by HKMA, to issue or operate any stored value facilities without a license.
The regulatory regime aims to ensure the safety and soundness of SVFs operating in Hong Kong and adequate protection of the float. Prior to this ordinance, the regulatory regime only applied to device-based multi-purpose stored value products under the banking ordinance (BO) and to large-value clearing and settlement systems designated by HKMA under the Clearing and Settlement System Ordinance (CSSO). However, the regulatory regime under BO or CSSO did not cover a range of non-device based payment facilities.
Principal Business
Descriptions:
• In general, the applicant should not engage in any SVF-related business unless the conduct of such business is necessary for the operation of the SVF business and therefore requires to obtain an SVF license.
• The licensee may provide remittance and/or money changing services as an ancillary or incidental services to its principal business.
Operational Impacts:
• The applicant may need to setup a separate legal entity for conducting SVF business.
Financial Resources
Descriptions:
• The applicant must have a paid-up share capital not less than HK$25 million or an equivalent amount in another currency that is freely convertible into HK dollar, or is approved by HKMA.
• HK$25 million is a minimum paid-up share capital requirement. HKMA may apply a higher level of capital requirement after considering the applicant’s risk profile, the size of the float, the number of user accounts and the complexity of the SVF business.
Operational Impacts:
• The applicant may need to work with their Legal Counsel and External Auditor relating to their paid-up share capital.
‘Fit and Proper’ Person; Knowledge and Experience
Descriptions:
• Each chief executive, director and controller of the applicant must be a fit and proper person.
• The applicant must have in place adequate systems and controls to ensure that HKMA is regularly updated on changes of chief executive, director and controller and consent from HKMA is received prior to their official appointment/s.
• The applicant must have in place adequate systems and controls to ensure that each manager of the applicant is a fit and proper person to hold the position concerned.
• The senior management team and the key personnel responsible for financial management, control and risk management functions, compliance and internal audit of the applicant should be based in Hong Kong.
Operational Impacts:
• Hiring of directors and senior management should be planned ahead.
• The candidates’ knowledge and experience, reputation, criminal record and location should be considered.
• Related regulations:
Guideline on Authorization of Virtual Banks under section 16(10) of the Banking Ordinance by HKMA
2017: The establishment of virtual banks was one of the 7 HKMA initiatives to prepare Hong Kong into a New Era of Smart Banking.
Principles and Objectives
Business plan
• A credible and viable business plan to strike a balance between business growth and the need to earn a reasonable return on assets and equity
• Virtual banks should not place an aggressive business strategy at the expense of its systems and risk management capability
Customer protection
• Adhere to the Treat Customers Fairly Charter
• Terms and conditions must be fair on the rights and obligations between the bank and customers
• Highlight the losses from security breaches, system failure or human error to be borne by the bank and customers
[Figure labels: Bank’s Corporate Governance; Organization & People; Risk Management & Policies; Processes & Controls; IT Infrastructure & Systems; HKMA Regulatory Returns]
Principles and Objectives
HKMA released the consultation of Open API on 11 Jan 2018, which aims to widely adopt and achieve standardization of Open API across banking sectors. APIs are the interfaces between software applications that enable communication among them. Open API therefore allows TSPs to access banks’ products and services via standardized APIs. Such APIs must be secure, efficient, controlled and cost effective. HKMA aims to facilitate Open API in the banking industry by taking a role of leadership and guidance. Open API policy is one of the seven initiatives of HKMA strategies of “New Era of Smart Banking”, with the following objectives:
• Ensure the competitiveness of the banking sector
• Encourage more services to improve customer experience
• Keep up with worldwide development
29 September 2017: Open API is confirmed as one of the 7 initiatives in HKMA Strategies of “New Era of Smart Banking”
15 August 2017: Workshop between banking representatives & technology firms for knowledge sharing
July 2017: 20 retail banks & 3 foreign banks were invited to start working with HKMA on formulating the framework
The Open API framework was formulated with representatives of 20 retail banks & 3 foreign banks,
invited by HKMA in July 2017. It also underwent workshops with the information & communication
technologies (ICT) industry for knowledge & experience sharing, to design the customized
roadmap & approaches for Hong Kong.
During the framework outlining period, examples of Open API development worldwide,
including the UK, EU, Singapore & Japan, were referenced. The pros & cons of the implementation approach
of each of these countries were analysed to identify the risk-based principles for Hong
Kong development.
Five Pillars were identified for Hong Kong.
Financial Institutions
Implementation Central Banks & Other
are voluntary to
Implementation Payment Service Banks & TSP
Entities implement the
Entity Providers
Playbook
Specified
Architecture, Developed by banks Architecture & Specified
Security & Data Developed by Central / payment service Security Standard, Architecture &
Entity
Standard providers and Data Standard Security Standard
for some APIs
Implementation
Certification by License from Not specified in
of TSP Bilateral Agreement
Central Entity Regulator Playbook
Certification
The amendment to FINRA Rule 4210 (the “Rule”) was proposed to the Securities and Exchange
Commission (the “Commission”) on October 6, 2015. The amended changes, as detailed
in SR-FINRA-2015-36, seek to establish margin requirements for these “in-scope” transactions,
which are related to Mortgage-Backed Securities (“MBS”); specifically, transactions in (1) To
Be Announced (“TBA”) securities, (2) Specified Pools and (3) Collateralized Mortgage Obligations
(“CMO”) issued in conformity with a program of an agency or Government-Sponsored Enterprise
(“GSE”) with forward settlement dates (collectively “Covered Agency Transactions”).
Effective Date:
Initially the effective date for these changes was announced to be eighteen months after the approval
date, or December 15, 2017; however, after two subsequent requests from the industry the
effective date was pushed out twice and is currently March 25, 2019. It
does not appear that this date will change.
For many firms, these in-scope transactions are about to go from a routine securities trade to a
complicated transaction involving significantly more resource requirements (i.e. Legal, Operational
Risk, Operations, Collateral Management, etc.). This poses a great risk to many of the financial
institutions engaging in these types of trades because trading on margin will be a completely new
frontier.
Technology: Internally, firms will need to incorporate the margin into the Front Office pricing models, collateral management systems will need to be updated to handle the new products, and interaction with third parties (clearinghouses, etc.) will need to be incorporated into the systems, where possible.
Operations & Collateral Management: Procedures will need to be established to manage the new collateral and the fee structure around the MBS collateral collected or paid.
Policies & Procedures: General policies and procedures for all affected departments will need to be updated or created, including the written supervisory procedures.
Training: Across the firm, areas such as Audit, Risk, Legal, and Compliance will need to guide the business and other support functions in the new margin process. As a result, all departments and resources impacted by the rule change will need to have some form of training to ensure their understanding of the impact the rule change has on their new BAU processes. For some firms, new staff will need to be hired.
Volcker 2.0
Proposed Changes to the Volcker Rule
PUBLISHED IN THE FEDERAL REGISTER JULY 17, 2018, THE COMMENT PERIOD FOR THE PROPOSED CHANGES TO THE
VOLCKER RULE IS NOW OPEN UNTIL SEPTEMBER 17, 2018. BELOW IS A SUMMARY OF THOSE CHANGES. [1]
On January 14, 2014, Congress approved the revised final Volcker regulations that largely went
into effect on July 21, 2015. The Volcker Rule, as it is commonly referred to, is Section 13 of the
Bank Holding Company Act (the “Act”). Section 13 of the Act requires that the five prudential
regulators collaborate on one common set of requirements for the Volcker Rule. The five prudential
regulators are the Federal Reserve (“Fed”), the OCC, the FDIC, the CFTC and the SEC (the
“Agencies”). The Volcker Rule restricts certain banking entities and nonbank financial companies
from engaging in proprietary trading and certain interests in, or relationships with, specific types of
funds (i.e. hedge funds or private equity funds). This month, led by the Fed, a proposed amendment
to the Volcker Rule was agreed upon by the Agencies and submitted for public
comment. The final step will be to present a final version to Congress for formal approval.
The proposed amendment is intended to provide banking entities with clarity about what activities
are prohibited and to improve supervision and implementation of the Volcker Rule.
While the Volcker Rule addresses certain risks related to proprietary trading and covered fund
activities of banking entities, the Agencies note that the nature and business of banking entities
involve other inherent risks, such as credit risk and general market risk. To that end, the Agencies
have various tools, such as the regulatory capital rules of the Federal banking agencies and the
comprehensive capital analysis and review framework of the Fed, to require banking entities to
manage the risks associated with their activities. The Agencies believe that the proposed changes
to the 2013 final rule are consistent with keeping the banking industry safe and sound while
providing banking entities the ability to implement the appropriate risk management policies in
line with the risks associated with the activities in which banking entities are permitted to engage
under section 13.
The Agencies also note that the Economic Growth, Regulatory Relief, and Consumer Protection
Act (“EGRRCP Act”), which was enacted on May 24, 2018, amends section 13 of the BHC Act
by narrowing the definition of banking entity and revising the statutory provisions related to the
naming of covered funds. The Agencies plan to address these statutory amendments through a
separate rulemaking process; no changes have been included in the proposed amendment that
would implement the amendments in the EGRRCP Act. The EGRRCP Act amendments took effect
upon enactment, however, and in the interim period since enactment and before adoption, the
Agencies will not enforce the 2013 final rule in a manner inconsistent with the amendments to
section 13 of the BHC Act with respect to institutions excluded by the statute and with respect to
the naming restrictions for covered funds.
[1] https://www.federalreserve.gov/newsevents/pressreleases/files/bcreg20180605.pdf
The Federal Register version 83 FR 33432
[2] The final rule signed January 2014 is referred to as the “2013 final rule.”
[3] For the determination of the trading assets and liabilities, the calculation should be excluding obligations of or guarantees by the US government and should include all global trading assets and liabilities.
The creation of categories to direct specific levels of compliance efforts based on the size of the banking
entity or nonbank financial institution global trading assets and liabilities [3]: SIGNIFICANT (≥$10B),
MODERATE (<$10B & ≥$1B) & LIMITED (<$1B)
SIGNIFICANT: This category is reserved for banking entities with combined global trading assets and
liabilities [3] greater than or equal to ten billion US dollars.
MODERATE: This second category is reserved for banking entities with combined global trading assets
and liabilities [3] greater than or equal to one billion but less than ten billion US dollars.
LIMITED: The last category is reserved for banking entities with combined global trading assets
and liabilities [3] less than one billion US dollars. Further, for banking entities in this category, there is a
presumption of compliance and there is no obligation to demonstrate compliance. However, discovery
of non-compliance would change the category to “MODERATE” and the regulatory agency may apply the
more stringent requirements upon the non-compliant banking entity.
Change to the metric used to flag trading as potentially proprietary trading activity from the length of the
holding period to the total profit & losses (“P&L”) made from trading activities. This change removes the
“rebuttable presumption” and replaces it with the presumption of compliance provided the P&L doesn’t
exceed $25MM over a rolling trailing 90 day period.
With respect to the Market Risk Capital prong of the prohibition of proprietary trading, Foreign
Banking Organizations will be permitted to use their local capital requirements provided those
requirements at least meet the standards set by the Basel committee.
Change 4: EXCLUSIONS
(1) Expansion of financial instruments (i.e. FX forwards, etc. per statutory definition list)
(2) Use of transactions to correct previously booked trades/transactions
Change 5: EXEMPTIONS
(1) Elimination of RENTD metric. The ability to use internally set risk limits, provided they’re established in
accordance with the Volcker Rule, to presume that trading within those limits signals compliance with the
proprietary trading restrictions.
(2) Relaxing the compliance program requirements for MODERATE and LIMITED categories.
(3) Risk-mitigating hedging standards
MODERATE and LIMITED: eliminated except the effective requirements
SIGNIFICANT: no change except softening language and relaxing documentation reqs.
(4) Modifies and removes certain TOTUS requirements (significant change for FBOs)
Change 6: ALLOWING 3RD PARTY COVERED FUNDS & USE OF COVERED FUNDS FOR HEDGING
(1) Elimination of RENTD metric. The ability to use internally set risk limits, provided they’re established in
accordance with the Volcker Rule, to presume that trading within those limits signals compliance with the
proprietary trading restrictions.
(2) Relaxing the compliance program requirements for MODERATE and LIMITED categories.
(3) Risk-mitigating hedging standards
MODERATE and LIMITED: eliminated except the effective requirements
SIGNIFICANT: no change except softening language and relaxing documentation reqs.
(4) Modifies and removes certain TOTUS requirements (significant change for FBOs)
The proposed changes would allow SIGNIFICANT firms to integrate their Volcker compliance programs (“6
Pillar program”) into their existing framework. MODERATE firms will implement a simplified version and
LIMITED firms will not be required to proactively demonstrate compliance and will enjoy a presumption of
compliance. But they are still required to maintain a compliance program.
With the elimination of Appendix B, the only element that survives is the CEO attestation requirement but
only for the SIGNIFICANT and MODERATE firms.
1. Quantify the global trading assets and liabilities to determine which Category your firm will fall
under;
2. Assess the strategy for each Volcker Unit and the businesses overall to determine what
changes, if any, are needed to enhance the desk’s operational efficiency and performance;
3. Review the third party covered funds transactions;
4. Develop the new P&L tracking and monitoring process for the newly created Accounting prong;
5. Update the suite of metrics, including the elimination of some (e.g. RENTD);
6. Adjust the compliance programs to tailor to the new requirements based on Categorization;
7. Assess the impact on the ability to rely on the Basel requirements outside the US;
8. Assess the impact for changes in certain TOTUS activities;
9. Revise Volcker Rule policies and procedures based on rule changes’ impact; and
10. Develop a training program which communicates the changes to the rules (e.g. trading requirements,
reporting, hedging, ownership/sponsorship of covered funds, etc.).
These proposed changes have diverse effects on the firms subject to the rules. Smaller
firms will see lower costs and a less intrusive compliance program associated with the reduced
compliance requirements while the midsized and larger firms will find the changes significantly
enhance their ability to transact and manage their risks. While the proposed rule change does
not eliminate the core mandate of the Volcker Rule, it does increase slightly the risk of non-compliance
(e.g. less monitoring may allow increased bad actors to take advantage, etc.); however, the
changes allow firms to operate more effectively and efficiently. The intent is to restore a little bit of
the liquidity to the markets that was taken away by the original rule. There are those that say that
Volcker 2.0 brings the markets closer to a more sensible balance.
“Living Wills”
Recovery and Resolution Planning (RRP)
Sources:
• G-SIB: FSB, November 2017
• G-SII: FSB, November 2016
• Hong Kong D-SIB: HKMA, December 2017
• Singapore D-SIB: MAS, November 2016
• Japan D-SIB: IMF, July 2017
Notes:
• 1 Focus on Hong Kong, Singapore and Japan only
Recovery Planning
Requirements:
• Senior management of financial institutions are responsible for developing and maintaining, and where necessary executing, plans that will guide the recovery process in case of financial stress.
• Recovery plans should:
  • Reflect organisation-specific circumstances (activity, complexity, interconnectedness, level of substitutability and size),
  • Be based on severe stress scenarios and
  • Include measures to reduce the risk profile and conserve capital (exit of business lines, conversion of debt into equity etc.).

Resolution Planning
Requirements:
• Resolution authorities are responsible for developing and maintaining, and where necessary executing, plans that will guide the resolution process if the recovery strategy fails.
• Institutions have to provide to the designated authorities the data and information, including strategy and scenario analysis, required for resolution planning purposes.

Operational Impacts
Need to:
• Implement a robust governance and sufficient resources to support the RRP process
• Establish a robust stress-testing process fed by concrete firm-specific scenarios
• Have systems that can generate in time the extensive information required
• Liaise regularly with home (and host) authorities to review plans and underlying simulations
A result of joint public and private sectors efforts, the LEI supports authorities (i.e., CFTC, SEC, ESMA) and market participants in identifying and managing financial risks. In particular, LEIs may be used for reporting and other regulatory purposes in the various jurisdictions represented in the Regulatory Oversight Committee (“ROC”).
Once a legal entity has obtained an LEI, it will be published together with the related LEI reference data by the organization that has issued the LEI. This means the full data on the entire LEI population is publicly available for unrestricted use by any interested party at all times. Although the structure of the ROC and LEI is in place, all entities required by its local regulators to implement and convert systems will need assistance with accommodating this LEI regime.
January 2013: Inaugural meeting of the Global LEI Regulatory Oversight Committee (“ROC”) to establish the Global LEI System
December 2012: First LEIs are issued
June 2012: ISO publishes first edition of LEI
• Regulatory topics:
Increase the Tax transparency
• Related regulations:
Foreign Account Tax Compliance Act (FATCA) by US IRS
Principles and Objectives
The Organization of Economic Cooperation and Development (OECD) released the CRS, which seeks to establish a new global standard for automatic exchange of financial account information between governments. CRS was endorsed by the G20. More than 65 jurisdictions have publicly committed to such implementation, with 44 countries having committed to a specific and ambitious timetable to have in place the first automatic information exchanges in 2017 and be recognised as the ‘Early Adopters’.
To comply with the CRS requirements, all Financial Institutions will be required to identify reportable accounts, obtain and review the accountholder’s identifying information such as tax residency and report those accounts to their local tax administration authorities on an annual basis. The reportable information will then be exchanged with the accountholder’s residency country.
In order to exchange these data, the OECD has created an Automatic Exchange of Information (AEoI) system to ensure systematic transmission of large information between the CRS jurisdictions.
1 January 2016: New account opening procedures must be in place and begin monitoring for changes in circumstances
Q3 2015: Early adopter countries have local legislation in place
16 December 2014: CRS incorporated into DAC2
29 October 2014: Early adopter countries signed CRS
22 July 2014: CRS Model Commentary published
13 February 2014: CRS Model Published by OECD
• A model Competent Authority Agreement (CAA), providing the international legal framework
for the automatic exchange of CRS information;
• The Common Reporting Standard;
• The Commentaries on the CAA and the CRS; and
• The CRS XML Schema User Guide
As at November 2017, a total of 146 jurisdictions had committed to AEOI; the status of
commitments varies, with different dates for first exchanges.
Number of Jurisdictions (Year): 49 (2017), 53 (2018), 3 (2019/20), 41 (TBD)
• The CRS Schema is re-using the FATCA schema and elements of STF, so there are some
elements in the CRS schema that are not required for purposes of reporting and exchanging
under CRS.
• The CRS XML Schema is developed at the level of the OECD as part of the CRS, for exchanging
information with each other and, in many instances, to receive information from their
Financial Institutions. A schema is a data structure for holding and transmitting information
electronically and in bulk. XML (“extensible mark-up language”) is commonly used for this
purpose.
• The User Guide explains the information required to be included in each CRS data element to
be reported in the CRS XML Schema. It also contains guidance on how to make corrections
of data items within a file that can be processed automatically.
1. Message Header with the sender, recipient, message type, reporting period
• Sending Company Identification Number
• Transmitting Country
• Receiving Country
• Message Type
• Contact
• Message Ref ID
• Reporting period
• Timestamp
2. Person Party Type: controlling person of Passive NFEs or account holder details if an individual
• Tax residence country code
• Tax Identification Number (TIN)
• Name
• Address
• Nationality
• Birth Information
5. Transliteration is required because sending and receiving jurisdictions do not use a common alphabet;
Competent Authorities may agree how they will undertake such transliteration.
• By sending a file of corrected data that can be processed in the same systems as the original data that was
received.
• If the whole of a data file is to be completely replaced, there can be a cancellation of the first message, then a new
message with a file of completely new data can be sent, with no link to the previous records apart from the
message header- “cancel and report” not “correct”.
• Scope: withholding cash-payment operations at financial institutions with non-US counterparties
• Targeted products: equity linked instruments/ non-principal contracts and other derivatives.
• Regulatory topics: Taxation and Derivatives
Context
Since the Hiring Incentives to Restore Employment (“HIRE”) Act was passed in 2010, non-US counterparties were able to avoid taxes on “dividend equivalent” payments if they held long positions in certain derivatives contracts linked to US equity underliers. However, the US Internal Revenue Service’s (“IRS”) amendment to IRC 871(m) in 2015 made “dividend equivalent” payments to non-US persons investing in notional principal contracts (“NPCs”), derivatives and other equity-linked instruments (“ELIs”) subject to a default 30% US withholding tax rate, absent an exception and subject to rate reduction by treaty.
• The methodology for determining whether a transaction is within the scope of the withholding tax, as well as which party must perform which test (either the Delta or Substantial Equivalence test) is not prescriptive.
2018: Delta-one transactions will now be covered
Jan 2017: Final regulation published to reflect phased-in application
2016: Finalize QI withholding agreement, including Qualified Derivatives Dealer (QDD) status
Sept 2015: Publication of Final Regulations by the IRS (Internal Revenue Service)
2010: HIRE Act taxes payments on derivatives for US counterparties
Financial institutions have struggled with the operational challenge that arises due to 871(m). The
IRS’ amendments to 871(m) fail to account for the negative impact on market participants in the
US-sourced derivatives industry; as a result, global disruption has occurred. However, the one year
extension for implementation should assist both banks and taxpayers. If the delay is a signal of
permanent status, then non-delta-one transactions and the more complex aspects of the QDD regime
will never be covered by the rules, absent anti-abuse provisions. This extension for a phased-in
implementation allows financial institutions to achieve compliance with 871(m).
CONFIDENTIAL © Sia Partners
On September 17, 2015, the US Treasury released final regulations under section 871(m) of the
Internal Revenue Code which provide rules for withholding of up to 30% (subject to reduced
rates under applicable U.S. tax treaties) on payments pursuant to a derivatives contract or other
equity-linked instruments that reference US equity securities.
• In-scope products include, but are not limited to, equity swaps, structured derivatives,
structured notes or certificates, OTC equity options and OTC equity forwards.
• The rule is global in scope and applies to all regions and countries.
Jan 1, 2017
• The US Department of the Treasury and the IRS amended section 871(m) to delay the
effective date of certain rules in the final regulation. Specifically, the phase-in period.
• Taxpayers and withholding agents will have additional time to implement 871(m) regulations
for non-delta-one transactions. Therefore, the Treasury Department and the IRS intend to revise
the effective date to not apply to any payment made with respect to any non-delta-one
transaction issued before January 1, 2019.
• The IRS will determine whether the taxpayer/withholding agent made a “good faith effort”
to comply with the 871(m) regulations with respect to delta-one transactions in 2017 and
non-delta-one transactions in 2018. In addition, the IRS will also consider the extent to which
the taxpayer/withholding agent made a “good faith effort” to comply with the section 871(m)
regulations for (1) any delta-one transaction in 2017 and 2018, and (2) any non-delta-one
871(m) transaction in 2019.
2018 2019
The IRS amended 871(m) in a manner that could confuse market participants about whether
their conduct would be compliant with the rule. Market participants entering into these contracts
will have to understand the roles and responsibilities for each specific trade they enter into, and
if they cannot rely on their referential source systems (i.e., Bloomberg, Thomson Reuters) or
broker-dealers to compile this information with monitoring for them, they will have to either implement
this process into their own infrastructure, or stop entering in-scope trades. At a minimum,
the following needs and constraints have been identified:
Identified needs
• Two main challenges resulting from this regulation:
  1. Identify the affected financial products and their associated withholding taxes
  2. IT & process transformation from the front to the back office (pricing to reporting tools)
• This regulation provides opportunity to:
  • Produce a mapping of all products traded by the bank
  • Allow a clear picture of all client financial products traded
  • Allow a more accurate monitoring of all financial products
• Review business strategy
  • Some products are less attractive for clients because of the withholding tax
  • Regulation can significantly impact client portfolio yield

Constraints
• Planning
  • A very tight planning timeline
  • A short time to comply with the regulation (fully effective in 2017)
• Financials
  • Very high fine if institution is not compliant
  • If an in-scope counterparty is not withheld upon, they are fined at 100% of the withholding tax. If appropriate documentation (such as a signed ISDA agreement) is not obtained and stored by the bank, the bank is technically liable
• Why is this regulation different?
  • The 871(m) section brings new notions to the regulatory environment.
  • The FATCA application doesn’t withhold tax on certain dividend equivalent payments
  • IRS has introduced new terms: Simple & Complex products, new tests, new process. This is an all new request for dealers to adapt in a short time frame
Despite the lack of clarity, financial institutions are forced to make decisions on procedures on the
following items in an uncertain environment.
4 major Items for Financial Institutions to Address
871(m) will require financial institutions, both Foreign Banking Organizations & US Bank Holding
Companies, to develop and implement an IT infrastructure to ensure compliance. Specifically, they
must develop IT systems to (1) identify the citizenship of the counterparty and product types that
are in-scope for withholding, (2) calculate the dividend equivalent amount and withholding tax
for each in-scope counterparty, (3) monitor corporate actions on underlying US equities, and (4)
report and remit withholding taxes to the IRS.
Scope
• Impacted Products: Swaps; Options (Listed & OTC); Futures; Repurchase Agreements; Convertible Debt; Compensation Agreements; Forwards; Security Lending; Equity Linked Contracts
• Impacted Parties: Hedge Funds; Banks; Asset Managers; Brokers; Clearing Houses; Executing Brokers; Custodians; Wealth Managers; Foreign Investors
IFRS 9
Financial Instruments
Principles and Objectives
IFRS 9 brings together the classification and measurement, impairment and hedge accounting phases of the IASB’s project to replace IAS 39 Financial Instruments: Recognition and Measurement.
IFRS 9 is built on a logical, single classification and measurement approach for financial assets that reflects the business model in which they are managed and their cash flow characteristics.
Built upon this is a forward-looking expected credit loss model that will result in more timely recognition of loan losses and is a single model that is applicable to all financial instruments subject to impairment accounting.
In addition, IFRS 9 addresses the so-called ‘own credit’ issue, whereby banks and others book gains through profit or loss as a result of the value of their own debt falling due to a decrease in credit worthiness when they have elected to measure that debt at fair value.
The Standard also includes an improved hedge accounting model to better link the economics of risk management with its accounting treatment.
November 2015: The IASB issued IFRS 9 Financial Instruments (Hedge Accounting and amendments to IFRS 9, IFRS 7 and IAS 39) amending IFRS 9 to include the new general hedge accounting model, allow adoption of the treatment of fair value changes due to own credit on liabilities designated at fair value through profit or loss, and remove the 1 January 2015 effective date.
December 2011: The IASB issued Mandatory Effective Date and Transition Disclosures (Amendments to IFRS 9 and IFRS 7), which amended the effective date of IFRS 9 to annual periods beginning on or after 1 January 2015, and modified the relief from restating comparative periods and the associated disclosures in IFRS 7.
Classification and Measurement
Financial Assets
• New model of classification containing 3 accounting categories (vs 4 for IAS 39)
• The classification depends on 2 criteria: contractual cash flows and business model
• The three categories are:
- Amortization cost (AC)
- Fair value through other comprehensive income (FVOCI)
- Fair value through profit or loss (FVTPL)
Financial Liabilities
On Accounting / Reporting
• Enhance the account structure
• Define additional requirements for the data
• Update the accounting procedures
On Data Source
• Enhance the data model (historical data, forecast data, characteristics of financial instruments, etc.)
On Finance
• Identify additional information and impacts of reporting in the financial statement
• Estimate and communicate the potential impacts of the changes introduced by new IFRS 9 Standard
• Estimate the impacts on the regulatory capital
On Area of Judgements
• Determine and validate business models
• Determine the characteristics of the cash flows (choice of the financial instrument benchmark)
On Area of Judgements
• Implement at each level the new categories of financial instruments and allocate the assets to the different categories
• Conduct necessary studies regarding the system implementation of business model and test of SPPI
• Modify the systems to provide necessary data for classification (historical and forecast data)
Impairment
• New model is forward-looking, which requires the recognition of expected credit losses to reflect changes in the credit risk of financial instruments
• A 3 steps approach, the allocation of a financial asset at each stage depends on the level of deterioration of credit quality:
Figure: Evolution of the Credit Quality / Recognition of Expected Losses on Credit
On Accounting / Risks
• Incorporate the notion of expected loss in the provisioning related to the risks
• Define the thresholds of significant change of the credit risk
• Validate data sources (audit trail, peculiarities of the products impacting their accounting mode, the provisioning rules…)
• Revise the necessary accounting schemes
• Review/Update the accounting procedures
On Organization / Process
• Coordinate the processes between risk management and accounting departments
• Define the roles and responsibilities (implying the risks and the accounting) in order to manage the gaps/distortions and avoid duplicates
• Set up training sessions to increase the awareness of risk and accounting people on mutual issues that are impacting them
• Define and implement the necessary controls across all functions and departments involved in the application of the procedures, data collection, implementation of
On Financial Communication
• Quantify the impact on equity, the covenants, and the regulatory capital
• Define a communication plan for the shareholders (analysts, investors, regulators, etc.)
On Area of Judgements
• Develop accurate estimates for:
- Expected credit losses
- The date on which the entity considers that there is significant increase in credit risk
• Clarify the definition of “default” and “significant increase” considering the characteristics of financial instruments, and being consistent with the risk management
• Document the information and data required for the calculation of the expected credit losses (historical data, both recent and prospective)
On Information System
• Audit the information systems in order to ensure their robustness in terms of data collection/calculation related to:
- The estimation of expected credit losses of financial assets on 12 months or on total lifecycle
- The occurrence of the changes of credit risk (significant increase or inverse trend)
- The collection of necessary data for the production of the information in the notes (annex of financial statement)
CONFIDENTIAL © Sia Partners
Hedge Accounting
• More closely align hedge accounting with risk management activities:
- More transactions are eligible as hedges: hedged items and hedging instruments
- Less volatility of P&L
• Replacing the usage of the range of 80%-125% as the requirement for prospective and retrospective effectiveness testing with a single prospective test of 3 criteria
• Allow using the provisions
On Business
• Review the existing hedged relations and define the new hedging relations
• Evaluate the new hedging strategies (analyzing the risk components of non financial instruments to maximize the proportion to hedge)
• Integrate risk management and accounting
On Organization / Process
• Ensure the consistency of the information to provide in the notes (annex of financial statement) with the new IFRS 9 Standards:
- Description of the hedging instruments and their FV
- Description of the hedge utilized
- Amount of the inefficiency by hedging type
- Impact on the balance sheet, P&L and equity
- Impact of hedging activities on cash flows (amount, timing, uncertainty)
- Strategy of the entity in terms of risk management and its implementation
On Process / IT Systems
• Upgrade systems to implement the new IFRS 9 Standards in terms of hedge accounting (more hedged elements and eligible instruments and more information to provide)
• Examine possibilities of integration of the data deriving from risk management accounting
• Implement risk assessment components of non-financial hedged elements
• Implement qualitative assessment of hedge effectiveness
• Follow hedging relationships to determine those that require a “rebalancing” so that the hedging relationship is not interrupted
• Set the calculation of the fair value of the components of future contracts, purchased options or currency swaps (“cross-currency swaps”)
IFRS 13
Review of IFRS 13 Fair Value Measurement
It applies when another Standard requires or permits fair value measurements or disclosures about fair value measurements (and measurements based on fair value, such as fair value less costs to sell), except in specified circumstances in which other Standards govern. For example, IFRS 13 does not specify the measurement and disclosure requirements for share-based payment transactions, leases or impairment of assets. Nor does it establish disclosure requirements for fair values related to employee benefits and retirement plans.
IFRS 13 defines fair value as the price that would be received to sell an asset or paid to transfer a liability in an orderly transaction between market participants at the measurement date (an exit price). When measuring fair value, an entity uses the assumptions that market participants would use when pricing the asset or the liability under current market conditions, including assumptions about risk. As a result, an entity’s intention to hold an asset or to settle or otherwise fulfil a liability is not relevant when measuring fair value.
June 2009:
“Measurement Uncertainty Analysis Disclosure for Fair Value Measurements” exposure draft published
May 2009:
“Fair Value Measurements” exposure draft published
November 2006:
“Fair Value Measurements” discussion paper published
September 2005:
Fair Value Measurement added to IASB’s agenda
• One jurisdiction requires IFRS Standards for financial institutions but not listed companies:
- Uzbekistan;
• One jurisdiction is in process of converging its national standards substantially (but not
entirely) with IFRS Standards:
- Indonesia; and
Key Definition:
• Fair value:
- The price that would be received to sell an asset or paid to transfer a liability in an orderly
transaction between market participants at the measurement date
• Active market:
- A market in which transactions for the asset or liability take place with sufficient frequency and
volume to provide pricing information on an ongoing basis
• Exit price:
- The price that would be received to sell an asset or paid to transfer a liability
• Principal market:
- The market with the greatest volume and level of activity for the asset or liability
Source (retrieved April 12, 2018): Deloitte microsite for IFRS 13: https://www.iasplus.com/en/standards/ifrs/ifrs13
If the inputs used to measure fair value are categorised into different levels of the fair value
hierarchy, the fair value measurement is categorised in its entirety in the level of the lowest level
input that is significant to the entire measurement (based on the application of judgement).
Level 1:
Level 1 inputs are quoted prices in active markets for identical assets or liabilities that the entity
can access at the measurement date.
A quoted market price in an active market provides the most reliable evidence of fair value and
is used without adjustment to measure fair value whenever available, with limited exceptions.
If an entity holds a position in a single asset or liability and the asset or liability is traded in an
active market, the fair value of the asset or liability is measured within Level 1 as the product of
the quoted price for the individual asset or liability and the quantity held by the entity, even if the
market’s normal daily trading volume is not sufficient to absorb the quantity held and placing
orders to sell the position in a single transaction might affect the quoted price.
Level 2:
Level 2 inputs are inputs other than quoted market prices included within Level 1 that are observable
for the asset or liability, either directly or indirectly.
Source (retrieved April 12, 2018) – Deloitte microsite for IFRS 13: https://www.iasplus.com/en/standards/ifrs/ifrs13
Unobservable inputs are used to measure fair value to the extent that relevant observable inputs
are not available, thereby allowing for situations in which there is little, if any, market activity for
the asset or liability at the measurement date. An entity develops unobservable inputs using
the best information available in the circumstances, which might include the entity’s own data,
taking into account all information about market participant assumptions that is reasonably
available.
Source (retrieved April 12, 2018) – Deloitte microsite for IFRS 13: https://www.iasplus.com/en/standards/ifrs/ifrs13
• the particular asset or liability that is the subject of the measurement (consistently with its
unit of account)
• for a non-financial asset, the valuation premise that is appropriate for the measurement
(consistently with its highest and best use)
• the principal (or most advantageous) market for the asset or liability
• the valuation technique(s) appropriate for the measurement, considering the availability of
data with which to develop inputs that represent the assumptions that market participants
would use when pricing the asset or liability and the level of the fair value hierarchy within
which the inputs are categorised
Guidance on measurement:
IFRS 13 provides the guidance on the measurement of fair value, including the following:
• An entity takes into account the characteristics of the asset or liability being measured that
a market participant would take into account when pricing the asset or liability at measurement
date (e.g. the condition and location of the asset and any restrictions on the sale and
use of the asset)
• Fair value measurement assumes an orderly transaction between market participants at
the measurement date under current market conditions
• Fair value measurement assumes a transaction taking place in the principal market for the
asset or liability, or in the absence of a principal market, the most advantageous market for
the asset or liability
• A fair value measurement of a non-financial asset takes into account its highest and best
use
• A fair value measurement of a financial or non-financial liability or an entity’s own equity
instruments assumes it is transferred to a market participant at the measurement date,
without settlement, extinguishment, or cancellation at the measurement date
• The fair value of a liability reflects non-performance risk (the risk the entity will not fulfil an
obligation), including an entity’s own credit risk and assuming the same non-performance
risk before and after the transfer of the liability
• An optional exception applies for certain financial assets and financial liabilities with
offsetting positions in market risks or counterparty credit risk, provided conditions are met
(additional disclosure is required)
Source (retrieved April 12, 2018) – Deloitte microsite for IFRS 13: https://www.iasplus.com/en/standards/ifrs/ifrs13
Valuation techniques
An entity uses valuation techniques appropriate in the circumstances and for which sufficient
data are available to measure fair value, maximising the use of relevant observable inputs and
minimising the use of unobservable inputs.
The objective of using a valuation technique is to estimate the price at which an orderly transaction
to sell the asset or to transfer the liability would take place between market participants
at the measurement date under current market conditions.
• market approach – uses prices and other relevant information generated by market transactions
involving identical or comparable (similar) assets, liabilities, or a group of assets
and liabilities (e.g. a business)
• cost approach – reflects the amount that would be required currently to replace the service
capacity of an asset (current replacement cost)
• income approach – converts future amounts (cash flows or income and expenses) to a
single current (discounted) amount, reflecting current market expectations about those
future amounts
In some cases, a single valuation technique will be appropriate, whereas in others multiple
valuation techniques will be appropriate.
Source (retrieved April 12, 2018) – Deloitte microsite for IFRS 13: https://www.iasplus.com/en/standards/ifrs/ifrs13
Disclosure
Disclosure objective:
IFRS 13 requires an entity to disclose information that helps users of its financial statements
assess both of the following:
• For assets and liabilities that are measured at fair value on a recurring or non-recurring
basis in the statement of financial position after initial recognition, the valuation techniques
and inputs used to develop those measurements
• For fair value measurements using significant unobservable inputs (Level 3), the effect of
the measurements on profit or loss or other comprehensive income for the period
Disclosure exemptions:
The disclosure requirements are not required for:
• Plan assets measured at fair value in accordance with IAS 19 Employee Benefits
• Retirement benefit plan investments measured at fair value in accordance with IAS 26
Accounting and Reporting by Retirement Benefit Plans
• Assets for which recoverable amount is fair value less costs of disposal in accordance with
IAS 36 Impairment of Assets.
Identification Classes:
Where disclosures are required to be provided for each class of asset or liability, an entity
determines appropriate classes on the basis of the nature, characteristics and risks of the asset
or liability, and the level of the fair value hierarchy within which the fair value measurement is
categorised. [IFRS 13:94]
Determining appropriate classes of assets and liabilities for which disclosures about fair value
measurements should be provided requires judgement. A class of assets and liabilities will
often require greater disaggregation than the line items presented in the statement of financial
position. The number of classes may need to be greater for fair value measurements categorised
within Level 3.
Source (retrieved April 12, 2018) – Deloitte microsite for IFRS 13: https://www.iasplus.com/en/standards/ifrs/ifrs13
Disclosure
Specific disclosures required:
To meet the disclosure objective, the following minimum disclosures are required for each class
of assets and liabilities measured at fair value (including measurements based on fair value
within the scope of this IFRS) in the statement of financial position after initial recognition (note
that these requirements have been summarised and additional disclosure is required where
necessary):
• For fair value measurements categorised within Level 3 of the fair value hierarchy, a
description of the valuation processes used by the entity
• For recurring fair value measurements categorised within Level 3 of the fair value
hierarchy:
• A narrative description of the sensitivity of the fair value measurement to changes
in unobservable inputs if a change in those inputs to a different amount might result
in a significantly higher or lower fair value measurement. If there are
interrelationships between those inputs and other unobservable inputs used in the
fair value measurement, the entity also provides a description of those
interrelationships and of how they might magnify or mitigate the effect of changes in
the unobservable inputs on the fair value measurement
• For financial assets and financial liabilities, if changing one or more of the
unobservable inputs to reflect reasonably possible alternative assumptions would
change fair value significantly, an entity shall state that fact and disclose the effect
of those changes. The entity shall disclose how the effect of a change to reflect a
reasonably possible alternative assumption was calculated
• If the highest and best use of a non-financial asset differs from its current use, an entity
shall disclose that fact and why the non-financial asset is being used in a manner that
differs from its highest and best use*.
• ‘*’ In the list above indicates that the disclosure is also applicable to a class of assets or
liabilities which is not measured at fair value in the statement of financial position but for
which the fair value is disclosed. [IFRS 13:97]
Application is required prospectively as of the beginning of the annual reporting period in which
the IFRS is initially applied. Comparative information need not be disclosed for periods before
initial application.
Source (retrieved April 12, 2018) – Deloitte microsite for IFRS 13: https://www.iasplus.com/en/standards/ifrs/ifrs13
Financial Crime
The cost of financial crime to a Financial Institution has a direct impact on people in the
organization, operational processes and information technology that supports the FI.
• Balancing between regulatory compliance and seamless customer experience.
• Evolving regulations make it hard for systems and processes to remain updated with the latest requirements.
These challenges result in limited success in staving off threats and meeting regulatory
requirements. With the increased scope of financial crimes and regulatory liabilities,
financial institutions should regularly review and enhance their approach to risk mitigation
and compliance.
1970:
Currency and Foreign Transactions Reporting Act is passed in the US.
Principles and Objectives
The beneficial ownership requirement will address the failure to conduct CDD on beneficial owners,
and provide information that will help prevent financial crimes, improve the ability of financial institutions
to assess risk, facilitate tax compliance, and advance U.S. compliance with international
standards and commitments.
As this new requirement is effective in May 2018, banks may need help implementing and updating
their P&Ps for the new standard. Assessment of existing P&P could also be done to provide a gap
analysis and remediation action, if necessary.
Date | Institution | Key Reason | Fine (USD)
Jul 2015 | Subsidiary of Global US Bank | FDIC determined that the bank failed to implement an effective BSA/AML Compliance Program over an extended period of time. | $140 million
Feb 2016 | Global UK Bank | Bank processed 159 banned transactions which were for corporate customers of Bank’s Zimbabwe subsidiary that were owned 50 percent or more, directly/indirectly, by a company on OFAC’s List. | $2.48 million
May 2016 | US Financial Services Firm | Inadequate compliance and process systems to detect red flags, and not conducting due diligence review on foreign financial investments causing widespread failures related to the firms’ AML programs. | $17 million
Client Profile
• Name
• Address
• Identification Number – Tax ID Number
• Nature of Business
Beneficial Ownership and Controllers
• Control Prong
Relationship
• Length of Relationship
• Source of Funds
• Account Type
• Expected Transaction Volume and Account Balance
Screening, Sanctions, PEPs, Negative News
• World Check
• Authorized Signers
• Beneficial Owners
• Risk Rating

• Insufficient screening capability and manual Due Diligence Process
• Lack of effective risk rating process and procedure
• Due diligence process not reflective to AML policies
• Lack of quality in customer data, including beneficial owners, control prong, controllers data, and required legal documentation
• Lack of resources to perform Periodic Reviews
• Risk profile of customer does not quickly update reflective to material news received
BSA/AML Customer Due Diligence, commonly referred to as Know Your Customer (“KYC”), begins
with client on-boarding and does not end until the client terminates its relationship with the
financial institution, which makes up the “customer lifecycle”. Thus, KYC is needed at all phases
of the lifecycle in order to re-examine the adequacy and accuracy of customer data, as well as
immediately minimize AML risk exposure.
An efficiently implemented KYC program provides banks with the advantage of conducting due
diligence and periodic reviews with minimal allocation of resources. An efficient system operates
actively and is able to adjust a multi-factored risk-rating in accordance to ever-changing
compliance standards.
• Scope:
- New York State (U.S.) based Financial Institutions
- Anti-Money Laundering (AML) transaction monitoring / reporting
• Targeted products: all financial instruments
• Regulatory topics:
- Transparency and reporting
- Investor protection
• Related regulations (implementation in tandem):
- NY State Statutory authority: Banking Law §§37(3)(4); Financial Services Law §302.
June 2014:
NYS DFS Press Release notifying Financial Institutions of the Effective Date
December 1, 2015:
NYS DFS Part 504 initial proposal was announced by NY State Governor Andrew Cuomo
2. May a Regulated Institution submit a certification under 3 NYCRR 504.7 if it is not yet in
compliance with the requirements of Part 504?
The Department (NYS DFS) expects full compliance with the regulation. A Regulated Institution
may not submit a certification under 3 NYCRR 504.7 unless the Regulated Institution is in compliance
with the requirements of Part 504 as of the effective date of the certification.
3. Should a Regulated Institution send additional documentation along with the certification
proving that the system is in compliance?
The Regulated Institution must submit the compliance certification to the Department and is not
required to submit explanatory or additional materials with the certification. The certification is
intended as a stand-alone document required by the regulation. The Department also expects
that the Regulated Institution maintains the documents and records necessary that support the
certification, should the Department request such information in the future. Likewise, under 3
NYCRR 504.3(d), to the extent a Regulated Institution has identified areas, systems, or processes
that require material improvement, updating or redesign, the Regulated Institution must
document such efforts and maintain such schedules and documentation for inspection during
the examination process or as otherwise requested by the Department.
4. Does the Department require a pre-implementation testing for systems the Regulated Institutions
used that were operational prior to the Regulation?
The Department will not require full end-to-end, pre implementation testing of systems that the
Regulated Institution uses that were operational prior to the effective date of the regulation,
as is required when adopting new systems. However, under 3 NYCRR 504.3(a)(2), Regulated
Entities’ systems and programs must “be reviewed and periodically updated at risk-based
intervals” and thus Regulated Institutions are expected to conduct periodic risk based systems
testing and data validation on all systems that support the transaction monitoring and filtering
program.
5. Does the Department require the Regulated Institution to conduct a vendor selection for the
systems that are already in place prior to the Regulation?
The Department does not require a Regulated Institution to conduct a vendor selection process
for vendors that were engaged prior to the effective date of the regulation, as is now required
when hiring a new vendor to acquire, install, implement or test the transaction monitoring and
filtering program. However, on an ongoing basis, 3 NYCRR 504.3(c)(7) requires Regulated Institutions
to engage qualified personnel or outside consultants for these purposes and as such
Regulated Entities should have processes in place to confirm that the personnel and vendors
it has engaged to execute its transaction monitoring and filtering program are qualified and
competent.
Source: NYS DFS website (updated by NYS DFS as of April 9, 2018), retrieved April 15, 2018: https://www.dfs.ny.gov/legal/dfs/trans_monitor_faqs.htm
Frequently Asked Questions regarding Part 504 (as of April 9, 2018): CONTINUED
• Final adoption publication, online:
https://www.dfs.ny.gov/legal/regulations/adoptions/dfsp504t.pdf
Source: NYS DFS website (updated by NYS DFS as of April 9, 2018), retrieved April 15, 2018: https://www.dfs.ny.gov/legal/dfs/trans_monitor_faqs.htm
GDPR
Strengthening and harmonizing EU data protection rules
Key Facts:
• Title: The General Data Protection Regulation (Regulation (EU) 2016/679)
• Publication date: 14th April 2016
• Effective date: 25th May 2018
• Scope: The regulation applies to any EU firm and any firm worldwide that holds personal data
on EU data subjects
• Regulatory topics:
- Data protection and data subject rights
- Lawfulness of data processing
- Data breaches
- Consent for collection
- Governance - Data Protection Officer (DPO)
• Related regulations/ directives:
- Replaces the EU Data Protection Directive 1995 (officially Directive 95/46/EC)
- Replaces the UK Data Protection Act 1998
- Being implemented as the UK Data Protection Bill 2017
The regulation goes beyond the requirements of the previous Data Protection Act of 1998, increasing
the standards for data protection, and applies to the processing of personal data from both the
B2B and the B2C world, without differentiation. A key requirement is that the consent of an
individual to data processing activities must be unambiguous. Consent cannot be implied from
inaction but must be the result of a positive action by the individual.
There are significant impacts on firms, notably the fines for non-compliance of up to €20mn or
4% of annual turnover, whichever is greater.
GDPR introduces a number of key new obligations
• 72 hour data breach notification requirement
• Ensure level of security appropriate in light of the risks
• Data capture and retention must be limited to the minimum requirements specific to the stated purpose of its use
• Provide information in a “transparent, intelligible, and easily accessible” form
Data Consent
GDPR impacts your governance, information systems, reporting and processes
We have identified 4 key operational impacts: governance, information systems, reporting and processes.
Based on our experience, processes and information systems are the most impacted parameters
Governance
• Implement a self-sufficient data protection
framework
• If necessary, appoint a Data Protection Officer
(DPO) and ensure effective communication
across your departments and DPO
• Create a network of correspondents to ensure
communication effectiveness
Information systems Sia Partners Impact Index
Common misconceptions around the GDPR
Misconception: I AM ONLY PROCESSING B2B DATA, SO THE GDPR IS NOT FOR ME
Analysis:
• The GDPR applies to the processing of personal data, and does not differentiate between personal data from the B2B and the B2C world
• Personal data in the B2B world includes work email address, work direct dial number, name, job title and workplace postal address because all these data identify a living individual

Misconception: I DON’T PROCESS DATA AUTOMATICALLY, THE GDPR IS NOT FOR ME
Analysis:
• The GDPR applies to personal data which are processed:
> automatically (e.g. profiling),
> partially automatically
> processed by any other means, including manual processes (i.e. by a human being)

Misconception: ALL I NEED TO DO IS TO REVIEW AND UPDATE MY PRIVACY POLICIES AND PRIVACY NOTICES TO COMPLY WITH THE GDPR
Analysis:
• The GDPR increases the standards of already existing obligations related to data protection
• There are additional policies that need to be written but more importantly there is an underlying need to understand your data: how it has been handled, used and shared and embed these changes into your business practices

Misconception: I HAVE THE CONSENT OF INDIVIDUALS TO USE THEIR DATA, I DON’T NEED TO IMPLEMENT THE GDPR
Analysis:
• The GDPR increases the standards for data protection, including the requirement that consent of an individual to data processing activities must be unambiguous
• Consent cannot be implied from inaction but must be the result of a positive action by the individual
• Marketers will have to review their way of collecting consent from individuals to receive communications

Misconception: BRITAIN IS LEAVING THE EU SO THIS WON’T APPLY TO ME
Analysis:
• The rules apply to any firm holding data on EU data subjects
• The rules will apply in advance of Britain leaving the EU, meaning that British firms will need to implement the rules to avoid non-compliance
• Finally, similar standards will be adopted into UK law separately through the Data Protection Bill
• A number of local regulators in Asia have undergone a thorough review of their local data privacy laws,
following GDPR publication:
Hong Kong Data Privacy Commissioner Stephen Wong has appointed his bureau to
conduct an extensive review of the data-protection regime in Hong Kong.
The objective is to point to considerable shortfalls between Hong Kong and EU law
and propose recommendations on changes to local law.
The Privacy Commissioner of Personal Data has issued a non-binding guidance
booklet in April 2018, which highlights the new concept and possible impact of GDPR
to Hong Kong businesses.
Tan Kiat How, Head of the Personal Data Protection Commission of Singapore, has
announced plans for significant amendments to the current Act.
His bureau is reviewing the Personal Data Privacy Act (PDPA) and has identified
some issues to address in the coming year, with a plan to review the consent
regime, data protection certification framework and data breach notification.
Japan’s reformed privacy law came into full force May 30, 2017 to reduce the
differences with the GDPR. The establishment of the Personal Information
Protection Commission in Japan, which is dedicated to the establishment and
enforcement of privacy regulations, significantly enhances Japan’s privacy law
system.
Right to be informed
Right of access
Right of rectification
Right to object
Data protection by design and by default
Data Protection Officer
The right to object (to profiling)
• Under GDPR, the data subjects have the right to object, regardless of the process purpose, at any time to processing of personal data, unless the data controller can demonstrate the legitimate ground.
• Gaps with PDPO: Such right only applies to direct marketing for PDPO.
• With regard to the consent process mentioned earlier, companies will have to review their privacy notices and implement a more comprehensive process to collect consents and objections.
Organisations in Hong Kong and Singapore need to make numerous changes if they need to be compliant with GDPR, with impacts expected on:
Data Privacy
Overview of Asian Framework
Hong Kong | Personal Data (Privacy) Ordinance
Singapore | Personal Data Protection Act
Japan | Act on the Protection of Personal Information
CORE PRINCIPLES
Use
• Data users are required not to use personal data collected for a new purpose without the express consent of the customer.
Collect express consent of the customer before using data for a new purpose.
Information to be generally available
• Requires a data user to take all practicable steps to ensure openness and transparency about its personal data policies and practices, the type of personal data it holds and the main purposes for which the data is used.
Data users should formulate and make available to customers their Privacy Policy Statements stating in detail the kind of personal data held, the main purposes of use of each type of personal data and their privacy policies and practices in place.
Cybersecurity
Global Financial and Legal Cybersecurity Regulation Actors and Frameworks
Cybersecurity initiatives with Global impacts
Key Facts
• Financial Services is the most impacted industry sector in terms of cyber crime
• The financial services industry faces a rapidly evolving threat, and the sophistication of cyber attacks leads to significant risk for the stability of financial systems and operations
• The financial services industry faces a stricter government regulatory climate
• Financial institutions need to enhance the resilience of financial systems and embrace a fully dynamic approach, controlling risk scenarios and protecting their own assets and those of their customers
Recent federal moves in the US
Other significant cybersecurity initiatives
Guidance:
2018 Regulatory and Examination Priorities Letter – Cybersecurity being one of the key items
Notices:
2015 Notice on Distributed Denial of Service (DDoS) Attacks on Member Firms
2012 Hoax Emails That Purport to Be From Regulators
Regulations:
i. S-P (17 CFR §248.30): firms to adopt written policies and procedures to protect customer
information against cyber-attacks and other forms of unauthorized access
ii. S-ID (17 CFR §248.201-202): firm’s duties regarding the detection, prevention, and mitigation
of identity theft
iii. The Securities Exchange Act of 1934 (17 CFR §240.17a-4(f)) requires firms to preserve
electronically stored records in a non-rewriteable, non-erasable format
Phase 1 Ais
Jun 2018: iCast implementation
Sept 2017: Inherent risk and maturity assessment
Introduction
• For the 12 months ended September 2016, there was a significant increase in security breaches, compromised online client trading accounts and unauthorized transactions, with 16 incidents reported to the SFC, which involved 7 securities brokers and total unauthorized trades in excess of HKD$100 million.
• The SFC puts the highest priority on cybersecurity management and suggests a range of control measures, including self-assessment and questionnaire.
The three pillars of the new cybersecurity review
New Cybersecurity Review
First pillar: Issue a questionnaire to assess
• Licensed Corporations (LCs) confidentiality, integrity and contingency
• Relevant functionalities for data protection (customer)
• cybersecurity management and governance risks
Second pillar: Onsite inspections of selected brokers for the review of
• Implementation of previous Circulars
• information security posture and readiness
• Cyberattacks detection and Prevention capabilities
Third pillar: Benchmarking the SFC regulatory requirements
• Sia Partners conducts similar activities globally and knows major regional actors initiatives (HKMA, MAS …) as well as best-in class industry players
6 key controls to be reviewed
1 Strengthening threat, intelligence and vulnerability management
2 Reliable preventive, detective and monitoring measures
3 Vigilance monitoring unusual logins / transactions
4 effective user authentication and access controls
5 contingency plan and cyberattack scenarios
6 Raising awareness of the customer (new area of focus)
History and Agenda
Oct 2016: “SFC Circular on Internet, mobile trading systems”
• Assessment
• Sensitization of the client on securities vulnerabilities and risks
• Benchmarking the SFC regulatory requirements and market practices in Hong Kong
Mar 2016: “SFC Circular on Cybersecurity”
• Review and assessment of the cybersecurity risks
• Cybersecurity management
Review and assessment of cyber risks
5 key areas of concerns for SFC
1. Inadequate coverage of cybersecurity risk assessment exercises
2. Inadequate cybersecurity risk assessment of service providers
3. Insufficient cybersecurity awareness training
4. Inadequate cybersecurity incident management arrangements
5. Inadequate data protection programs
“Three” phases approach (diagram, over time): Cyber Security assessment, Results Analysis, Implementation. Other labels: Scoping, Prioritization, Security campaigns, to be defined at the end of assessment.
• November 2017, The Asia Pacific Financial Services Information Sharing and Analysis Center’s office is launched by MAS to support 49 Financial Institutions across 9 countries
• The next cyber security strategy will be decided by the Cabinet in July 2018. Following the recent large-scale breach and successful hacks targeting cryptocurrencies in Japan, Sia Partners believes that the wave of regulation may expand to cutting-edge technologies such as IoT and blockchain. Also, extending the scope of the coming Cybersecurity Strategy to apply to smaller companies may make sense.
November 2017: MAS launches FS-ISAC on Cyber Information Sharing
July 2018: Formulation of next cyber security strategy
March 2018: Draft legislation amends part of the cyber security basic law
Recent moves in Japan
• In 2017, the ''Cyber Security Management Guidelines'' established by METI in 2015 were amended. They promote cyber security measures for large and medium enterprises.
• The Act for Protection of Personal Information (APPI) was substantially amended and strengthened in 2015 to align with foreign regulation such as the EU GDPR. These changes came into force on May 30, 2017.
• The Personal Information Protection Commission (PPC) is the national regulator for data privacy. While it does not have the ability to impose fines, it can prosecute with criminal sanctions and has significant inspection and audit powers as well as the power to request companies to submit evidence and compliance reports.
March 2018: Revision of cyber security management guidelines
May 2017:
• Amended APPI Act comes into effect
• Personal Information Protection Commission operations begin
Key Figures
200 M$ Revenue in 2018
1999 Date created
2x Sustained double digit growth (resilient)
21 Offices worldwide
1,200+ Consultants
41+ Nationalities
David Hollander
Head of Singapore office
david.hollander@sia-partners.com
+65 6635 3433
Naoyuki Miyazaki
JAPAN
Manager
naoyuki.miyazaki@sia-partners.com
+81 80 4790 9890
Driving Excellence
Follow us on LinkedIn and Twitter @SiaPartners
And our blog: en.finance.sia-partners.com