Cryptocurrency Regulation, Cybersecurity and EMIR Updates Headline Cappitech’s Compliance Breakfast
Last week, Cappitech held its quarterly London Compliance Working Group. After four successful events in 2018, this was the first of 2019.
The event was held at the CME Group London offices, the home to their European Trade Repository, a partner of Cappitech’s for EMIR Derivative Reporting. Along with an update on EMIR and Brexit outcomes affecting Transaction Reporting, this quarter’s theme focused on compliance and new technology.
Presenting at the breakfast event were Mark Kelley, Head of Compliance at Coinbase UK, Gregory Worsfold, Founding Partner at Optima Partners and Jennine Watts, Director, Global Repository Services EMEA at CME. Summarised below are the key items discussed.
EMIR and SFTR updates
Speaking first was Jennine Watts. In preparation of Brexit, it was explained that ESMA and NCAs have undergone a large scale review of the quality of EMIR reporting data. With the potential of financial firms moving trade due to Brexit, ESMA wanted to ensure that reported data is uniform across the industry to allow for easy porting of EMIR reports between repositories.
Despite being in effect since 2014, EMIR reports still suffer from many data quality issues. As such, Jennine explained that ESMA has been vocal about their desire for NCA’s to take an active role in monitoring participant reports to review data quality and potential systemic risk.
Overall, ESMA’s push to improve data quality is part of the upcoming EMIR Refit taking place in June. Jennine explained that the goal of the Refit is to “improve data standards, clarifying what fields mean for counterparties to repeat the same data”.
FCA’s Crypto Asset Consultation
Speaking next was Mark Kelly from Coinbase who summarised the main points of the FCA’s Crypto Assets Consultation. Mark first explained that the FCA specifically called them ‘assets’, and didn’t identify crypto products as currencies. This is an important distinction as it points towards new regulation standards needed to govern cryptocurrencies.
Mark explained that there are three main crypto asset types; exchange coins, utilities and security tokens. Exchange coins are either cryptocurrencies with their own fluctuating values like bitcoin and litecoin or crypto products pegged to a specific fiat currency or price and are similar to eMoney. For these products, the main regulation is AML and eMoney authorisation.
Where things get tricky is with Security Tokens. These are when securities are issued using a token instead of traditional shares or notes. Examples are selling equities in a company, raising debt or creating ETFs via crypto assets. According to the FCA’s consultation, these activities fall under existing securities law and MIFID II. Therefore, these cryptocurrencies would require new issues to be listed on an exchange and have an ISIN, and trades would need to be reported under MiFIR.
Cybersecurity and the FCA
Next up was Greg Worsfold discussing the upcoming FCA Cybersecurity Standards. According to Greg, one of the FCA’s strategic priorities for 2019 is for companies to have a formal business plan for handling cybersecurity risks. This comes as the FCA reported a 200% increase in technology outages in 2018, with 18% of them being cyber related.
Items companies should include in their business plan are:
- • Understanding who could target your firm, why and what information would they want?
• Vendor management – the need to do due diligence on vendors to understand the access they have, how they handle it and, if cloud based, what that means.
• Employee terminations – How to handle security risks related to employees leaving a firm.
• Responsibility – Assigning responsibility to a firm’s management and board.
Overall, with GDPR going into effect last year and SMCR going live at the end of 2019, the FCA’s focus on ensuring financial firms are better prepared for cybersecurity risks fits well with those two other legal initiatives.
Recent regulatory actions
The morning ended with a short summary from Cappitech of regulatory actions we are seeing in the market. Covered was a recent focus by the FCA and CySEC on Best Execution reports and quality.
Also driving the market has been a push from major banks and large financial institutions to improve their MiFIR reporting. After rushing to be compliant by the January 2018 deadline, many companies are now putting in place processes to review their reports and ways to improve them.
Download our Guide on 10 Best Practices for Compliance KPI Management and learn how compliance managers can improve their KPIs.