The Asset Management Sector– supervisory insights with a changing landscape - Michael Hodson, Director of Asset Management Supervision

19 April 2018 Speech

Central Bank of Ireland

Good evening ladies and gentlemen.

It is a pleasure to join you at this event today, which has been kindly organised by Duff and Phelps.

In preparing for this speech, it dawned on me that we are now nearly a third of the way through 2018. We have already seen MiFID II go live, while Brexit continues to edge closer and all of the CP86 obligations will be applicable from July. In a nutshell, the asset management sector continues to evolve at a rapid pace presenting both challenges and opportunities. This means that you all need to be planning for these changes and emerging risks, because as supervisors, we will not shy away from probing and asking the hard questions.

With that in mind, my plan today is to provide you with an insight into the Central Bank’s supervisory focus for 2018, covering the work we have done to date and what is planned for the rest of the year.  I will start with two of those areas of supervisory focus that I am sure are front and centre in your thoughts, Fintech and Brexit and follow by a brief mention of GDPR.

FinTech

FinTech is, broadly speaking, technology-enabled innovation in financial services.  Now, this commonly used definition brings together, in a single concept, a wide spectrum of disparate technologies that are all linked, primarily, through their application in financial services. And secondarily, by their potential to disrupt traditional structures within it.  We are, and have been seeing, a sea change across the financial services industry due to technologies such as automated advice, distributed ledger or blockchain technology, virtual currencies, initial coin offerings, Big Data analytics and Regulatory Technologies (RegTech), just to name a few.

The adoption of these technologies has significant implications for both regulators like the Central Bank, and industry— with the funds industry by no means immune: from changing the way assets are allocated to driving efficiencies in the back office. The accelerated pace of change raises two fundamental questions:  what should regulators be doing, and what should firms be doing.

For firms, aside from the challenges and opportunities presented by new technologies and new competition, the spread of FinTech raises the decidedly less glamorous and disruptive issues of outsourcing and systems testing. As firms make use of technologies provided by start-ups or other FinTech firms, the traditional wisdom on outsourcing applies: firms may outsource the function, but not the responsibility. Firms are expected to do their due diligence on outsourced service providers and effectively monitor those arrangements. This is the case regardless of whether a particular service is considered FinTech. Similarly, firms that develop and employ new technologies themselves are similarly expected to engage in the same robust level of testing and oversight as they would for traditional solutions. It is important to remember, that whenever computer systems are involved, which today is, essentially, always, cybersecurity must be a priority.  It is fundamental to the trust that allows technology to benefit consumers to its full potential, and vital to ensuring that customer assets and information are secure.  This is a challenge that, unfortunately, is not going to go away.

Separately, I think that it is worth noting the importance for firms of engaging with the regulator. If you have questions or concerns about the application of a new technology, reach out and discuss it with us. Pro-active engagement with regulators like the Central Bank plays a vital role in ensuring ongoing compliance.

As for the Central Bank, we have been engaged in a review of our approach to FinTech for the past several months, and this builds on our work over the past several years.  We have been meeting with FinTech stakeholders here in Ireland, including industry groups, incubators and accelerators, and individual firms.  We have been engaged with our European counterparts to understand what they are doing, both bilaterally and in the context of EU-level initiatives at the three European Supervisory Authorities and the Single Supervisory Mechanism.  This is very much a priority for the Central Bank in 2018, and we will be updating the public on the results of our review and any related actions in due course.

Brexit

Turning to Brexit, if I can briefly touch on how the Asset Management Supervision Directorate has engaged with our existing supervised entities on their Brexit preparedness.

In November 2017, we wrote to all medium high and medium low supervised entities asking them to provide:

  1. an overview of the impact Brexit will have on their business;
  2. a summary of their Brexit plans under a number of scenarios; and
  3. confirmation that each board has considered and has operationalised or is prepared to operationalise its strategic/contingency Brexit plans.

We are currently reviewing the responses received from the medium high and medium low impact firms and this review will feed into our supervisory strategy for the rest of the year, both for individual firms and for the wider industry. What is more, we have also issued a letter to all low impact supervised entities outlining a number of items we expect these firms to consider as part of their Brexit planning.

While on the subject of Brexit, I am conscious that a transition period to the end of 2020 was announced last month. This can be seen as a positive development in that it presents industry with more time to adjust to the new realities associated with Brexit. However, any such transition period remains subject to political negotiations and agreement.

In a recent keynote address, Deputy Governor Ed Sibley referred to the journey facing firms as they get to the stage whereby their full post-Brexit business arrangements are operational1. The Deputy Governor also highlighted the need for firms to be able to credibly demonstrate they can accelerate this journey should the transitional arrangements not be ratified. Let me be clear when I say that the Central Bank expects firms to continue to progress with their strategic and contingency planning for Brexit; and to have assessed the Brexit impact under a number of different scenarios.

Notwithstanding the above, one thing that has become abundantly clear in the last number of months is that setting up a new operation within the EU27 is a complex task. If you would allow me to draw an analogy, I would compare it to Joe Schmidt and the Irish rugby team under his tenure. Evidently, after our grand slam success, we are now well placed to challenge for the world cup next year.

However, if we stop and think for a second, this success was not achieved over night. It is largely down to the time and dedication of Joe, the backroom staff and the diligence that has been embedded in preparing for each match. Similar to the rugby team, I am of the view that the time and effort required by firms, both small and large in size, in preparing for Brexit is substantial. Firms must give themselves sufficient time to obtain license approval, hire staff, source a suitable office location and so on. If firms utilise this time available now then they can expect to be well prepared for all plausible Brexit scenarios.

In this regard, I would strongly encourage any firm seeking authorisation from the Central Bank in 2018, not just those considering authorisation in light of Brexit, to engage with us as soon as possible. Applicant firms should be planning for a comprehensive authorisation process with appropriate challenge, and also be mindful that applications will likely require a longer timeframe in cases of complexity or where the Central Bank remains to be satisfied that the firm meets the required standards.

ESMA Opinions / Delegation

If I may now turn to a matter closely related to Brexit, the ESMA sector opinion papers published last July. These opinion papers were issued with the aim of fostering consistency in authorisation, supervision and enforcement related to the relocation of entities, activities and functions from the UK. The Central Bank strongly supports this body of work as it encourages greater supervisory convergence amongst member states.

As outlined in our Markets Update publication of 14 March 2018, the Central Bank has recently concluded a comprehensive review of the way it deals with the issues covered by the three ESMA Opinions. This was necessary to ensure that the Central Bank’s authorisation and supervisory processes are materially aligned with the opinions.

A number of procedural enhancements will be made in due course through the updating of the Central Bank’s application forms and internal procedures. Meanwhile in the interim, these enhancements will be incorporated as part of our authorisation process.

I think we can all agree that one of the key topics addressed in the opinions is delegation arrangements, in particular when the service provider is outside the EU. In a recent keynote address2, ESMA’s chair Steven Maijoor highlighted that the opinions were “not looking to question, undermine or put in doubt the delegation model”, what the opinions are seeking to address is “the risk of letterbox entities”. On that note, I acknowledge that the delegation model is an important element of the funds industry today. However, in delegating a function, it is of the utmost importance that authorised entities do not lose sight of the responsibility and oversight role they retain. The Central Bank’s expectation is that authorised entities act in the best interests of investors at all times and this includes when delegating functions to a third party.

General Data Protection Regulation (GDPR)

Moving on, I am acutely aware that GDPR comes into force on 25 May and that it is one of the topics included in today’s panel discussion. In short, GDPR preparation represents a significant undertaking for all financial services entities. The Central Bank has been assessing our own responsibilities in this area and has a GDPR Project Team who have been tasked with ensuring that the Central Bank is compliant with the new data protection regulations.

To that end, I think it is important to highlight that we are not the regulatory authority in the context of GDPR. The Central Bank is, through our ongoing engagement with supervised entities, having discussions more generally on GDPR preparations. However, ultimate responsibility for assessing compliance with data protection legislation and the GDPR is with the Office of the Data Protection Commissioner.

AMS Supervision Focus in 2018

At this juncture, let me say a little bit more about the Central Bank’s supervisory focus in 2018, particularly in the context of asset management supervision.

MiFID II may have been implemented on 3 January last, however this date does not represent the end of the hard work needed by industry and regulatory authorities. On that note, I am pleased to see that many of our regulated entities have come together to establish the Irish MiFID Industry Association (IMIA) which facilitates peer interaction and discussion on regulatory developments impacting MiFID firms in Ireland.

MiFID II will remain a key priority and an important aspect of the Central Bank’s supervisory focus in 2018. Through targeted visits, we will seek to determine the overall adoption by firms of the new rules and also to gain an insight on the areas that are most challenging for firms.  Moreover, we are currently considering a number of MiFID II thematic reviews to undertake. The topics and timelines have yet to be determined but I envisage that these thematic reviews will commence in H2 of this year.

Another of our key priorities this year is to maintain a high level of visibility, across all industry types, on the importance of the protection of client assets. Last year we completed a thematic review in relation to how investment firms, holding client assets, had implemented the new risk management requirements introduced in 2015.

This year we have expanded our focus with a thematic review on the Investor Money Regulations (IMR).  This review was undertaken to  determine how a number of fund service providers holding investor money had implemented the IMR, introduced in July 2016. Our initial assessment is showing that the implications of the IMR appear to have been well considered in advance of the implementation date. Nevertheless, in terms of embedding the IMR, it is clear that operational issues were encountered.

We have noticed less operational issues in those firms with formal investor money committees and working groups in situ. The thematic review identified that Investor Money Management Plans (“IMMPs”) require enhancement, particularly in relation to the inclusion of a detailed insolvency section with a clear “roadmap” as to how it would be executed, particularly in the event of an insolvency. A similar finding was identified during last year’s thematic review on the client asset risk management requirements. I would encourage fund service providers to leverage off that industry letter3 and apply the findings and good practices, as applicable.

In terms of next steps for the IMR thematic review, where issues were identified, the Central Bank will engage with the entities included in the thematic by way of post-inspection letters, containing recommendations and/or risk mitigation programmes, where relevant.

Moving on, CP86 comes into full effect for fund management companies from 1 July 2018. It introduces important changes to the fund management landscape and imposes a number of key obligations, such as managerial functions, organisational effectiveness and retrievability of records.

I would like to take this opportunity to stress the importance of fund management companies addressing, in a comprehensive manner, their CP86 obligations in advance of the 1 July deadline. In the lead up to 1 July, our supervisory focus will centre on firm preparedness. This will include issuing a short questionnaire to all effected firms shortly. Post 1 July, our supervisory focus will shift to assessing how firms have implemented and embedded the key CP86 requirements into their arrangements.

For significant regulatory changes like this, thematic reviews are an important tool for identifying and publicising observed standards of industry compliance. In this respect, we plan to include CP86 in our future thematic work programmes. In summary, our supervisory engagement on CP86 over the next 18 months will be aimed at promoting the highest possible standards for how fund management companies operate in Ireland.

As regards to our supervisory focus on FinTech, last year the Asset Management Directorate issued a survey to develop our understanding of the impact that Fintech and Regtech was having in the MiFID sector. This year we plan to develop our understanding of the impact technology is currently having or will have in the near term in the Funds Industry.

To this end, we will reach out to our regulated entities shortly in the form of a short FinTech survey. We hope to gauge current levels of industry participation in this space and hopefully get your insight into how Fintech and Regtech will impact this sector. The results of this survey will help inform not only supervisory strategy but also policy in this area.

I think it would be remiss of me not to refer to the recent publication of CP1194 , a consultation paper on amendments to the Central Bank UCITS Regulations. The consultation paper proposes a number of changes including: (i) amendments arising from a 2017 review of the Central Bank’s UCITS Regulations, (ii) new requirements relating to UCITS which charge performance related fees and (iii) amendments arising from the implementation of EU Money Market Fund Regulation. CP119 is available on the Central Bank’s website and if any of you here today wishes to respond to the consultation paper, please do so no later than 29 June.

Culture

Before I conclude, looking wider afield across the Bank, perhaps I can give you some insight on how the Central Bank continues to make progress in addressing culture risk5.

In the insurance sector, for example, since 2016 work has been underway in exploring how the risk culture in firms can be captured. The end result of this work has been the Insurance Supervision Risk Culture Model and a risk culture assessment tool which will be rolled out during certain supervisory engagements in due course.

Furthermore, we are currently undertaking a substantial behaviour and culture review of the banks with the on-site element of this work commencing this month in the five domestic banks. I think it is important to highlight that cultural assessments are something that will continue to increase in frequency over the coming months and years. This will be across all sectors including the asset management sector.

You may ask why the Central Bank and other regulatory authorities are so concerned about culture risk. One of the lessons from the financial crisis is that an ineffective culture is the source of multiple supervisory issues today. We all, industry and regulators, must learn from the past and that means ensuring that the right culture is at the heart of all firms.

This does not mean that the Central Bank is responsible for a firm’s culture, definitely not. You as senior managers and the board are responsible, and you should be looking for mechanisms to constantly test that the culture you have is an appropriate one and is being lived by your staff.

Conclusion

I will stop there.

This evening you will have heard me speak on a number of important topics and I even got to mention the success of the Irish rugby team and the importance of all of us planning for the future. However, no one should be in any doubt that our core supervisory role remains the priority.

We are committed to maintaining an adequate level of engagement with our supervised entities. This underpins our risk based supervisory model and is fundamental to achieving our mandate of protecting consumers and safeguarding financial stability. As the basketball player Michael Jordan once said, “the minute you get away from fundamentals, the bottom can fall out of your game, your schoolwork, your job”.

We will continue our regular engagement as it enables us as supervisors to enhance our knowledge of the firms we supervise and to identify and mitigate risks that are outside of our risk appetite. As supervisors, we will continue to challenge you on the risks you and industry encounter. As regulated entities, you should remain focused that you have a sustainable and well-run business that puts clients first.

With thanks to Adrian O’Mahony for his contribution to these remarks.

1Speech by Deputy Governor Sibley

2 ESMA keynote address

3Industry Letter (PDF 471.7KB)

4Central Bank consultation (PDF 1.7MB)

5Central Bank speeches by Derville Rowland, Gerry Cross and Ed Sibley