CHANGING EUROPEAN

REGULATION AND ITS

IMPACT ON SHARE PLANS

24 July 2017

Marcus McEvoy Director, Client Management & Business Development, CPM EMEA marcus.mcevoy@computershare.co.es

Welcome! Your speakers for today….

2

Jason Murray Chief Operations Officer Computershare EMEA jason.murray@computershare.co.uk

3

Recap: MiFID II and GDPR

Enhanced transaction reporting and new requirements for collecting participant data

Computershare's approach to GDPR

An update on our revised participant terms and conditions

Summary and questions

What will we cover today?

4

European directive, to be implemented in all EU Member states

It’s a collection of highly technical standards and regulations for organisations involved in financial markets – brokers, investment businesses etc.

It takes effect from 3 January 2018

Its aims include to: › Strengthen investor protection › Increase transparency of markets › Improve best execution

It builds upon MiFID, originally implemented in 2007

Markets in Financial Instruments Directive II: an overview

5

Intended to create a more consistent data protection framework in the EU, enhancing the rights of citizens over their personal information

Strengthen existing obligations on data controllers, impose new obligations on data processors, and create tougher enforcement and penalties for breach

GDPR will replace the Data Protection Directive and apply in EU Member States from May 2018

Its aims include to: › Achieve greater harmonisation › Both issuers and administrators are accountable

Despite being an EU directive, still seen as a global issue and applies to all industry sectors

The General Data Protection Regulation (GDPR)

6

Governs retail trading activity across Europe

Increases the amount of personal information required

at the point of trade

Increases frequency of participant statements from

annually to quarterly

What changes are driven by MiFID II?

What new data is required at the point of trade?

We will need Date of Birth, Nationality, and National ID to undertake sales

Purchases are generally exempt

Nationality

The country, or countries, to which an individual

belongs potentially through birth or

naturalisation which may not match the country

they are working or living in.

National ID

European: While most European countries

require Computershare to report their respective Tax IDs, others require

either another form of ID or allow Computershare

to create an ID in its place using an

individual's name, nationality and date of

birth.

Non-European: In the first instance all non-

European nationals must be reported using their

passport numbers.

Where individuals do not have passports

Computershare can create an ID in its place

using their name, nationality and date of

birth.

Date of Birth

The calendar day on which an individual was

born.

8

MiFID II | Transaction Reporting: National ID Requirements

Following the webinar we will share a guide to identifying a participant’s National ID.

National ID requirements have not been altered in the regulation. There are clear rules around what information can be used and what you do when handling multiple nationalities.

Each European country has stipulated up to

three forms of identification their

nationals can provide to us, in priority order.

In some instances we are able to create a National ID

for an individual.

If applicable, we will do this using a combination of their

name, date of birth and nationality.

All non-European nationals are required to provide their national passport numbers.

If they don’t have a passport we can create a

National ID using a combination of their name,

date of birth and nationality.

What if we don’t collect this information?

We aim to collect information before the participant needs to trade

9

There are three ways to collect this information

1. Your Client Manager will inform you of what data we have already

2. Your Client Manager will discuss preferred methods of sourcing any missing data

3. Communication campaign starting in October

1. You can provide via existing static details file transfer

2. Participants can update via Employee Online, in the ‘My Profile’ feature

3. Participants can complete at the point of trade

1. No trading 2. Particular focus on

plans with any default Sell-to-Cover or Sell-All trades

How will we collect this information?

If you choose to send details via file transfer, we will send further information on the specifications.

10

Confirm / input details at the point of trade

Coordinate participant communication with existing scheduled mailings

Target participants where a default sale event is imminent and data is outstanding

Communicate to participants without access to the web providing a postal alternative

Email participants inviting them to update their data online

Communicate to participants informing them of the regulation and the request for data, and provide further information by way of FAQS

Our participant communication campaign

Where we are collecting data directly from participants we will

Participant data | What do we already have?

MIFID II | Impact on different clients / plans

Our data review has shown that the MIFID II

data requirements will impact

clients & plan types differently.

For example, we’ve found

that clients with large UK SIP or

SAYE populations already hold much of the

required data, while others

with large global populations do

not. This is mostly due to

the requirement for passports for non-EU holders.

The requirement of default sales in certain plan

types will trigger a heavier solicitation

requirement in preparation for event dates.

Additionally, consideration

should be given for default sales

on leavers.

We will be contacting clients with

these characteristics

and determining solutions on a case by case

basis.

MiFID II | Statement requirements

Under MiFID II, we must produce statements for retail clients where we safeguard client money or assets (typically SPA and VSA nominee holdings)

MiFID II expands on this requirement for statements to be issued on a quarterly basis

MiFID II also introduces additional content requirements

From 31 March 2018 participants will be directed to Employee Online to view statements as a downloadable PDF

These regulatory statements will not replace any plans statements that are currently sent

14

GDPR | What is Computershare’s approach?

We have reviewed the regulation to identify relevant articles and define requirements. Project deliverables have been defined and structured within workstreams to support compliance by 25th May 2018.

We are already in good shape in relation to Data Protection compliance, but are running a project to update our documentation in line with the GDPR.

As further guidance is released and we progress our ‘Register of Processing’, we will contact you where we identify that changes may be required to services to support GDPR compliance.

We are currently compiling a register of personal data processing. The register is a requirement of the GDPR and will enable the identification of any process

changes required to support compliance with other GDPR requirements.

› We have taken the opportunity to review, improve and simplify all our retail customers’ terms and conditions.

› We have taken independent legal advice to ensure our retail customers’ terms and conditions are complaint with the new regulations and have adopted the FCA smarter consumer communications guidance.

› Each set of terms has been split into three distinct sections:

› Client Specific (fees/contact details/other variables)

› Product (provisions specific to the service being provided)

› General (provisions applicable to all terms and conditions within a category)

› We are standardising our terms across the board in order to ensure they are the highest quality and can be efficiently updated in the future as regulations change. This enables us to provide best value for corporate and retail clients.

15

MiFID II & GDPR | Revising our terms and conditions

16

What’s coming next? | Key dates

2017 2018

July Aug Sep Oct Dec

Milestone 1

Milestone 2

Milestone 3

New standard T&Cs available for clients

to view

Milestone 4

Participant communication notification of new T&Cs

Milestone 10

GDPR live date 25 May 2018

Milestone 5 Milestone 7

MiFID II live date 3 Jan 2018

Computershare to start collecting new data from the static

detail file

Nov Jan

Milestone 6

Periodic guidance issued by the FCA (relating to MiFID II)

Periodic guidance issued by Information Commissioner (relating to GDPR)

Ongoing client engagement

Feb

Milestone 8

Development to enable data collection by

routine methods - SMS, Award, Enrollment

Participant communication

invitation to capture data online

Milestone 9

Participant communication

Reminder where data still outstanding

Discussion with client on data currently held and identify additional

data requirements

Confirm method of collecting additional participant data from clients or participants

Share updates and developments with you in a timely manner

17

Let you know what data we already have and discuss how to collect additional data

Discuss and plan employee communications

Share our new standard terms and conditions

Share our country by country guide for determining National IDs

Enhance our online interfaces to capture additional information required for trading

Summary and next steps

18

Questions?

THANK YOU

FOR JOINING US