On 8 May 2024, the Director of Securities and Markets Supervision of the Central Bank of Ireland (“Central Bank”), Patricia Dunne, gave a speech on Wholesale Market Conduct. In recent years, the financial markets landscape has undergone significant changes, which have resulted in changed investor behaviour, regulatory reforms and hybrid-working. However, the principles underlying the Central Bank’s supervision of securities markets have not changed. Director Dunne’s speech discusses the Regulatory and Supervisory Outlook 2024; risk management; legal-entity ownership; ongoing assessment; and trade surveillance capabilities.

Regulatory and Supervisory Outlook 2024

Regulated entities have a vital role to play in ensuring market integrity, and the market conduct risk framework is key to ensuring this. Director Dunne noted that firms’ ambitious growth strategies may place greater demands on risk and control management frameworks, increasing reliance on surveillance systems and creating a greater need to produce relevant and timely market integrity. 

The Central Bank expects firms to adopt a proactive and forward-looking approach to risk management, and has consistently communicated this to industry as far back as 2019 when it indicated that firms, boards and senior management must be proactive in their approach to wholesale market conduct risk management and take the requisite steps to ensure that risks are appropriately mitigated and managed.

Risk Management

Since 2019, there have been improvements by some investment firms in relation to wholesale market conduct risks, however, there have been issues with larger firms in particular, regarding risk management frameworks. A recent assessment of conflicts of interest framework indicated that firms did not have a “comprehensive, documented view of all relevant risks they are exposed to”. Others were unable to demonstrate adequate awareness of potential conflicts arising from their business models or map associated mitigating controls. Consequently, firms were vulnerable to unforeseen threats which may affect their own stability and reputation, as well as the market as a whole. The conflict of interest review also found governance failures and outdated policies and procedures and that these were not reviewed appropriately to ensure that they remained fit for purpose.

Legal Entity Ownership

In this context, Director Dunne noted concerns that some entities may be “takers of group risk identification and controls design processes”, placing a high level of reliance on the group to identify conduct risks applicable to its business and put in place appropriate controls. Local entities often failed to carry out proactive, formal risk assessments at a legal entity level or how market conduct risk events may impact their entity specifically.

Ongoing Assessment

Firms must have effective systems in place and controls to mitigate and manage risks arising from its trading activity. Risks from ineffective pre-trade controls for both manual and algorithmic trading activity were identified in the Central Bank’s own risk scanning exercise, and a supervisory focus at a European level by the European Securities Markets Authority. The Central Bank also carried out a Thematic Assessment of Pre-Trade Controls which examined firms’ frameworks for establishment, operation and oversight of pre-trade controls and aims to identify how investment firms have implemented overarching pre-trade control frameworks.

ESMA also launched a common supervisory action (“CSA”) in January 2024 to assess the implementation of pre-trade controls by EU investment firms using algorithmic techniques. The findings of the Central Bank’s assessment will guide the Central Bank’s response to the ESMA CSA.

Director Dunne identified some of the high-level preliminary findings of the Central Bank’s thematic assessment including shortcomings in the overall documentation of pre-trade control frameworks; inadequacies in testing and reporting and the calibration and periodic review of the controls; and a lack of management awareness or ownership of pre-trade control frameworks. Once the review is finalised, the Central Bank will provide more communication.

Trade Surveillance Capabilities

Following the growth in securities markets in Ireland, the Central Bank acquired a new trade surveillance tool which is being incorporated into the overall market integrity surveillance framework and is strengthening the Central Bank’s capabilities in its surveillance. The tool enables the Central Bank to integrate data from a number of different sources including data from Multilateral Trading Facilities, MiFIR Transaction Reporting data, relevant market news and reference data. Director Dunne also noted that the tool is also capable of incorporating capabilities for crypto trading surveillance. 

On 1 May 2024, the Central Bank of Ireland ("Central Bank") issued three guidance documents for firms seeking authorisation as MiFID investment firms under the European Union (Markets in Financial Instruments) Regulations 2017 (S.I. 375 of 2017) ("MiFID II Regulations").  These guidance notes aim to assist applicants in preparing and submitting their applications and to outline the Central Bank’s expectations and assessment criteria, comprising of:

• Authorisation Guidance Note for MiFID Investment Firms - Preliminary Meeting Pre-Application Presentation;
• Authorisation Guidance Note for MiFID Investment Firms - Key Facts Document; and
• Authorisation Guidance Note on Completing an Application Form for Authorisation as a MiFID Investment Firm. 

Below we have provided a high-level overview of each guidance note published by the Central Bank.

1. Authorisation Guidance Note for MiFID Investment Firms - Preliminary Meeting Pre-Application Presentation

This  guidance note relates to an applicant firm’s pre-application presentation to be submitted in advance of a preliminary meeting with the Central Bank.  The Guidance Note aims to assist applicant firms to evaluate their readiness to request a preliminary meeting with the Central Bank before commencing the authorisation process.  The preliminary meeting is an opportunity for applicant firms to have an early engagement with the Central Bank and to receive an overview of the application process, the authorisation expectations and the indicative timelines.  The main purpose of the meeting is for the applicant firm to provide the Central Bank with a high-level overview of its proposals, covering aspects such as:

• the proposed business model;
• rationale for seeking authorisation;
• regulatory permissions & current regulatory status;
• ownership structure;
• business model information;
• financial resilience;
• governance arrangements; and
• timelines / readiness.

The guidance note states poor quality presentations may lead to a conclusion that the applicant firm is not ready to proceed to the next stage of the authorisation process and may be advised to request another preliminary meeting at a later point.

The guidance note advises the applicant firm to submit the presentation, which should not exceed 30 slides, in slide-deck format at least 15 working days in advance of the meeting date and to ensure that the presentation is comprehensive, clear and concise.

2. Authorisation Guidance Note for MiFID Investment Firms - Key Facts Document

This guidance note outlines the purpose, content and expectations of the Key Facts Document (“KFD”), which is a high-level summary of the applicant firm's proposed business and operational model and associated risks.  The KFD is submitted by the applicant firm subsequent to the preliminary meeting with the Central Bank and prior the formal application filing.  The guidance note provides applicants with an indicative structure and content for the KFD, which should cover items such as:

• the scope and rationale for authorisation;
• the background of the applicant firm;
• the business model;
• the client assets;
• the clients;
• the governance and staff resourcing arrangements; and
• the financial and prudential capital projections.

The guidance note also includes several templates and examples of appendices that must be completed as part of the KFD.

Authorisation Guidance Note on Completing an Application Form for Authorisation as a MiFID Investment Firm

This guidance note provides information and advice for potential applicants on the application process and application form requirements of the Central Bank for establishing an investment firm in Ireland under the MiFID II Legislation.  The guidance note, covers the following topics across a number of sections and appendices:

• the application process, including the following stages: preliminary meeting, key facts document, formal application, review and decision, and the expected timeframes and documentation for each stage, where relevant;
• the obligations of an investment firm, including a non-exhaustive list of the relevant legislation and requirements that an investment firm authorised under MiFID II must comply with;
• guidance on completing the application form, including instructions, and the specific information and supporting documentation that must be provided by the applicant; and
• detail relating to post authorisation, including the expectations and supervision framework for newly authorised investment firms, and the conditions and process for amending or expanding their investment services.

These guidance notes should be closely reviewed by all firms in the exploratory stage of filing an application to the Central Bank for authorisation under the MiFID II Regulations.  

Central Bank update on the impact of MiCA on VASPs

On 2 May 2024, the Central Bank of Ireland (“Central Bank”) published an update on the impact of the Markets in Crypto Assets Regulation (“MiCA”) on Virtual Asset Services Providers (“VASPs”). MiCA will become applicable for Crypto Asset Service Providers (“CASPs”) from 30 December 2024.

The Central Bank’s website notes that firms registered and operating under the VASP regime prior to 30 December 2024 will be permitted to continue to operate for up to 12 months after that date (transitional period) or until their CASP registration under MiCA is refused of granted, whichever is sooner. Therefore, only firms registered as VASPs prior to 30 December 2024 can avail of the transitional period.

The webpage suggests that the VASP registration process will not formally close. However, the Central Bank has highlighted that the length of time for a VASP authorisation is on average 10 months, indicating that firms should not spend their time on VASP authorisations as they will likely not be finalised before the transitional period commences, and therefore will not be able to avail of the transitional period.

The webpage does not include any update as to when the MiCA licensing process will commence, we will continue to monitor this and update clients of any developments as they unfold.

On 7 May 2024, the European Banking Authority (“EBA”) published final reports on 3 draft sets of regulatory technical standards (“RTS”) and one draft set of implementing technical standard (“ITS”) under the Markets in Crypto Assets Regulation (“MiCA”):

• final report on draft RTS on information for assessment of a proposed acquisition of qualifying holdings in issuers of asset-referenced tokens (“ARTs”) under MiCA;
• final report on draft RTS on the procedure for the approval of white papers of ARTs issued by credit institutions; and
• final report on draft RTS and ITS on information for authorisation as issuers of ARTs under MiCA.

The EBA carried out public consultations in July 2023 and October 2023 on the draft RTS and ITS. Following the feedback received from these consultations, certain amends and clarifications have been made in the final reports:

• the RTS on authorisation have been amended to clarify that:
  (a) the applicant issuer may only be a legal person or undertaking established in the EU; and
  (b) while the issuer is not subject to authorisation, an application may only be submitted by an applicant issuer, and therefore only an issuer may be granted authorisation.

• the ITS on authorisation confirm that as credit institutions are only required to receive approval to publish a white paper, the RTS and ITS on authorisation do not apply to credit institutions;
• while credit institutions do not need authorisation to issue ARTs, they must notify its competent authority and the white paper must be submitted to the competent authority for approval;
• recitals restating the obligation to comply with the privacy regime have been added to the RTS on information for authorisation and to the RTS on information for notification of proposed acquisition of qualifying holdings; and
• the RTS for the procedure for the approval of white papers for ARTs by credit institutions set out the timeframes that credit institutions, competent authorities and the European Central Bank must follow during such a procedure.

Next Steps

The EBA must now submit the final draft RTS and ITS to the European Commission for endorsement. The RTS will also be subject to scrutiny by the European Parliament and the Council of the EU. Following these steps, the RTS and ITS will then be published in the Official Journal of the EU.

On 2 May 2024, the European Insurance and Occupational Pensions Authority (“EIOPA”) published its  Peer Review Report on the Supervision of the Prudent Person Principle (“PPP”) under Solvency II (“Report”). PPP requires (re)insurance companies to only invest in assets whose risks “they can properly understand, monitor and manage while bearing in mind the best interests of policyholders and ensuring the overall security, liquidity and profitability of the portfolio as a whole” The peer review was carried out by EIOPA members and representatives of national competent authorities (“NCAs”), in light of the importance of the investment activity for the insurance business model.

The peer review focused primarily on the supervision of investments in non-traditional or more complex assets, and of assets backing unit-linked and index-linked (“UIL”) contracts where the risk is borne by policyholders. 24 Member States took part with varying levels of engagement, and Ireland was one of 13 Member States that were in full scope.

Overall Key Findings

The main findings of the Report were set out under 6 broad topics:

• supervisory framework implemented by Member States to regulate and supervise the compliance with the PPP;
• overall prudence of the investment portfolio;
• risk stemming from individual asset classes with a focus on derivatives and complex/non-traditional investments;
• process and procedures related to the valuation of investments;
• supervisory activities carried out by NCAs; and
• specificities of UIL business.

In total EIOPA made 49 specific recommended actions addressed to 22 NCAs. The top 3 areas with the highest number of recommended actions were:

• the supervision of complex/non-traditional investments (11 recommended actions);
• derivatives (8 recommended actions); and
• the use of tools and indicators; and the managing of assets in the best interests of the policyholders (both has 7 recommended actions).

Ireland

Recommended Actions

The Central Bank of Ireland (“Central Bank”) was given a recommended action in 2 separate areas:

• Individual investments: Recommended Action 5: Derivatives

The Central Bank was recommended to ensure a common understanding and application by (re)insurance undertakings of the use of derivatives for efficient portfolio management, issuing either guidance to the market, to set out clear expectations, or internal guidance to support supervisory staff in this regard. Guidance in this regard can be found in EIOPA's Supervisory Review Process handbook. 8 out of the 9 in scope NCAs received this recommended action.

• Specificities of UIL Business: Recommended Action 9: Managing assets in the best interests of policy holders

The Central Bank was recommended to formulate and communicate to insurance undertakings specific expectations regarding the assessment of whether investments backing UIL contracts are made in the best interests of policy holders. These expectations should address, in particular, the appropriate controls relating to the selection and monitoring of specific investment vehicles. Communication should be carried out in a formal manner (e.g. guidelines, circulars, letters to the market, publications on websites, other type of publication) or via supervisory activities (through off and on-site inspections or other supervisory actions) based on internal supervisory guidance. When following up on this recommended action, it is suggested to consider the interlinkages with the supervisory approach under the Insurance Distribution Directive, including any ongoing work to review that approach. 7 out of the 17 in scope NCAs received recommended actions.

Best Practice

Interestingly the Central Bank was the only NCA which EIOPA highlighted as having a “best practice” in this area. The best practice related to the Central Bank’s use of indicator and tools to define their supervisory priorities. The Report provided a high level summary of same:

• The Central Bank has identified 28 Key Risk Indicators (“KRI”) for market and liquidity risk, and utilises an IT tool in the form of an investment risk dashboard;
• The Central Bank’s planning process starts in August of the previous year and includes sector wide risk scanning along with consideration of the NCA and EIOPA priorities, resulting in the development of undertaking level supervision plans. Each undertaking level plan will consider investment risk, and if a comprehensive review is required during the period;
• An Investment Risk Dashboard was designed to help assist in the completion of the risk assessments. There are KRIs for market risk and liquidity risks based on the Balance sheet totals of the various asset types. Some KRIs trigger if the total in the asset type is above a threshold % of total assets and some trigger if the asset type increases or decreases by a certain %. These KRIs look at the Balance sheet level of asset classes and flag large movements or if an undertaking is holding a large % of certain asset types. The share of nontraditional investments, share of sub-investment grade bonds, ratio of assets valued using alternative valuation methods would be covered during risk assessment by supervisors.

Next Steps

EIOPA will monitor the compliance of NCAs with its recommended actions and will consider how best to incorporate the findings of the peer review into its supervisory convergence work.

The European Central Bank (“ECB”) has published its Opinion on a proposed directive on payment and electronic money service (PSD3”) and the proposed regulation on payment services in the internal market (“PSR”) dated 30 April 2024 (“Opinion”). The Opinion was delivered following requests from the European Parliament and the Council of the European Union in September 2023, and March 2024. The ECB welcomed the proposed directive and regulation, and its aims to strengthen user rights and protections against fraud; improve competitiveness of open banking; improve the enforcement and implementation; and improve access to payment systems and bank accounts for non-bank payment service providers (“PSPs”).

Some of the key observations from the Report are outlined below:

General Observations

The ECB welcomed several of the proposed measures including stronger customer authentication and the extension of the IBAN/name of payee verification; the obligation for PSPs to have a dedicated interface for data access; greater harmonisation with existing provisions; and proposed integration of licensing regimes for payment and e-money institutions. The ECB also welcomed the increased clarity on “open-banking” rules and the exclusion of licencing requirements for operators of payment systems and payment schemes.

In principle, the ECB noted that it supports the need for all payment systems to have objective, non-discriminatory, transparent and proportionate rules on access to payment systems in place along with clarifications on admission and risk assessment procedures. Therefore access to payment systems should only be granted when all necessary risk mitigation requirements are in place, and the proportionality principle considered so as to ensure broader direct access does not impact the risk and resilience of payment and settlement systems. The ECB also welcomed the recognition of the discretion of the central banks belonging to the European System of Central Banks to decide whether to offer services for the safeguarding of users’ and other specified funds.

Crypto Assets

The ECB highlighted that it is important for legislators to consider the interplay between the proposed acts and MiCA. Additional actions should also be considered to assess the impact of the provision of crypto-lending services which are currently not covered by MiCA or any other EU legislation.

BigTech

The ECB welcomed the considerations by the European Supervisory Authorities in their report on BigTech direct financial services provision within the EU, and cautioned that the concentration risks of BigTech’s activities go beyond the scope of DORA. Legislators may wish to reflect on these risks and level playing field considerations when considering the scope of different licences. From a payment perspective, the ECB recommends that the legislators should ensure a level playing field regarding the use and sharing of data, particularly where allowing a business to add a new role as a PSP to an existing business.

The ECB is concerned that existing prudential and consolidation frameworks were not designed with those developments in mind, and large, complex, non-bank groups could provide services that resemble services provided by credit institutions without being subject to the same prudential requirements. The ECB acknowledged that some Member States have subjected payment institutions that provide banking like services to some prudential requirements. However, the lack of a harmonised EU approach means that important prudential risks may remain unaddressed as supervisory authorities lack appropriate mandates for group-wide and cross-border activities, increasing regulatory arbitrage concerns. The ECB invites legislators to:

• firstly consider how best to ensure that competent authorities are adequately informed regarding all direct and indirect financial activities conducted by large and complex non-bank groups and relevant information is shared between competent authorities. Only after this will it be possible to aggregate information to establish a comprehensive overview of the financial activities of such groups and ensure they operate within the boundaries of the regulatory framework; and
• secondly expand the range and use of supervisory tools to include the ability to impose prudential consolidation requirements on groups of payment institutions and to place payment institutions into liquidation; and the prudential regime applicable to such institutions in the proposed legislation.