BankingRegulatory Guide 2019

Financial crimeFurther strengthening of the UKs AML/CTF (Anti-Money Laundering andCounter-Terrorism Financing Act 2006 ) regime is on the horizon withthe next instalment of the EUs Anti-Money Laundering Directive, 5MLDbeing targeted for transposition into UK Law by 10 January 2020.

5MLD amends 4MLD, and includes some lessons learnt from the Parisand Brussels terrorist attacks and the Panama papers, plustechnological innovation. Key changes include:

p Cryptoassets: Custodian wallet providers and virtual currencyexchange platforms will fall within the scope of AML laws, as theyhave been added as new obliged entities (OE).

p Improving enforcement: There will be new a national bankaccount register to enable easy access by law enforcementauthorities to bank account information for all bank accounts, withregistries to be interconnected between member states.Additionally, enforcement authorities will be able to requestinformation from an OE even where no Suspicious Activity Reporthas been filed.

p Clarification of Politically-Exposed Persons (PEPs): Consistentapplication of PEP screening by clarifying the functions that qualifyas “prominent public functions”.

p Tighter controls relating to high risk third countries: 5MLDprescribes enhanced due diligence measures for businessrelationships or transactions involving high-risk third countries.

p Increasing transparency of beneficial ownership of corporates:Wider access to each Member State’s central register of beneficialownership of corporates. There is a new ‘discrepancy reportingrequirement’ which requires OEs to report any discrepancies theyfind between the information that they hold, and the informationon the register.

Climate change riskThere is accelerating regulatory focus on managing the financial risksfrom climate change. Since the Paris Agreement in December 2015,106 laws and policies have been introduced worldwide.

The PRA was the first regulator to set standards for climate riskmanagement. Policy Statement 11/19 was released in April 2019requiring banks and insurers to take a strategic approach to “managingthe financial risks from climate change, taking into account currentrisks, those that can plausibly arise in the future, and identifying theactions required today to mitigate current and future financial risks." Inaddition it sets expectations in a number of areas includinggovernance, risk management, scenario analysis, and disclosures.Firms are required to have initial plans and updated seniormanagement function (SMF) forms in place by October 15th 2019. Thepolicy set out in PS11/19 has been designed in the context of theexisting UK and EU regulatory framework and will not be affected inthe event that UK leaves the EU with no implementation period inplace.

In June 2019, the European Commission published guidelines onreporting climate change-related information under the Non-FinancialReporting Directive 2014/95/EU. The guidelines are a part of theCommission’s Sustainable Finance Action Plan published in March 2018that aims to reorient capital toward sustainable investment, managefinancial risks arising from climate change, and foster transparencyand a long-term view in financial and economic activities. Theguidelines list criteria for 67 economic activities and establishstandards on taxonomy, EU green bonds, and benchmarks.

Overall, we are seeing momentum building among policy makers,investors, banks, insurers and companies in the real economy – both inthe UK and across the globe. We advise that companies act now tounderstand and prepare for the uncertain impacts of climate changeby developing comprehensive strategies and implementation plans toenhance their strategic resilience.

Operational resilienceOn 5th June 2018 the Prudential Regulation Authority (PRA), FinancialConduct Authority (FCA) and Bank of England issued a joint discussionpaper on operational resilience, highlighting the increased regulatoryfocus.

The authorities are expected to publish a consultation paper in Q4 thisyear, reaffirming their approach to resilience and providing somefurther clarity on some of the key principles outlined in the discussionpaper. However, the authorities are already holding some firms to thestandards set out in the discussion paper, and European and USregulators are also exploring a similar direction. Banking firmstherefore need to start responding to this now, if they haven’t already.

But what does being resilient really mean, and how should bankingorganisations respond? We believe that operational resilience cannotbe achieved in isolation, and is a factor of existing capabilities acrossthe organisation. These capabilities need to work in concert to allow anorganisation to offer resilient services to its customers and otherinterested parties.

Key areas of focus are:

p Ensure clear ownership and accountability for operationalresilience, which includes understanding the critical people,processes and systems that underpin a resilient service. The Boardshould actively weigh up the costs of operational failures againstthe financial cost of being resilient.

p Design operational processes and locations to support resilienceduring disruption. This includes areas such as Incident and crisismanagement, and business continuity planning.

p Manage Business and IT change in a way that supports resilientoutcomes and resilience is a standard part of the change process.

p Ensure technology systems, processes, data and infrastructure aresufficiently resilient to maintain service during disruption, andsupport fast and effective recovery.

p Put adequate Information Security capabilities in place to protectagainst adverse cyber security events.

The EU Cybersecurity Act On the 27 June, ENISA, the EU Agency for cyber security adopted itsnew mandate under the European Cybersecurity Act. The Act, furtherincreases the important role that ENISA plays in both ensuringeffective cybersecurity across the EU and driving innovation and co-operation. Under its new mandate ENISA will be developing aCybersecurity Certification Framework aimed at ICT products andservices, ultimately addressing two distinct challenges affectingindustries today:

1. The emergence of different cyber security certification schemesthat do not align to any overarching framework and thereforestruggle to be sustained or valued in the market, and;

2. The lack of support and governance to ensure strong coverage ofcyber security requirements across multiple industries, whether it’ssupporting smaller SMEs that provide ICT products and services tolarge organisations, or the security of IoT affecting critical nationalinfrastructure.

Organisations should keep a close eye on the development of thisframework and seek to embed this change within their vendormanagement and risk assessment frameworks.

About Baringa PartnersBaringa Partners is an independent business and technologyconsultancy. We help businesses run more effectively, navigateindustry shifts and reach new markets.

We use our industry insights, ideas and pragmatism to help eachclient improve their business.

Collaboration is central to our strategy and culture ensuring weattract the brightest and the best. And it’s why clients love workingwith us.

Baringa. Brighter together.

Baringa’s Finance, Risk and Compliance TeamBaringa’s Finance, Risk and Compliance Team specialises in helpingfirms understand and respond to the strategic, financial andoperational implications of new regulation and to enhance riskmanagement. A trusted advisor to risk, compliance and treasuryleaders, Baringa Partners’ capabilities and credentials span banking,insurance, asset management, capital markets, commodities andwholesale energy.

For more information please contact: risk@baringa.com or Chris Nott (Partner) on +44 203 763 4859 or David Harris (Partner) on +44 7717 413 805.

Baringa Partners LLP, 3rd Floor, Dominican Court, 17 Hatfields, London SE1 8DJT +44 (0)203 327 4220 F +44 (0)203 327 4221 W www.baringa.comE risk@baringa.com

Update on key timings and trendsYour guide to critical regulatory milestones, analysisof hot topics and emerging regulatory trends

p Beneficial ownership of trusts: 5MLD extends beneficial ownershipreporting requirements to any legal arrangement that is similar to atrust, and also tax neutral trusts. It also widens access to thecentral register of beneficial ownership to any person who can showa ‘legitimate interest’.

p No more anonymous safe-deposit boxes: Anonymous safe-depositboxes will no longer be allowed.

p More prepaid instruments subject to due diligence (e.g. giftcards, travel cards): The threshold requirement has been reducedfrom €250 to €150.

The Sixth Money Laundering Directive (6MLD) will quickly follow 5MLD,with EU member states having to transpose its requirements by 3December 2020. Key changes in 6MLD include explicitly definingpredicate offences for money laundering, increasing internationalcooperation for prosecution of money laundering and theharmonisation of tougher punishments and other dissuasive sanctionsfor money laundering offences.

These changes will impose greater obligations on firms to train staff torecognise possible indicators of all predicate offences. In addition,firms will have to implement monitoring systems to detect proceedspossibly linked to these offences.

Conduct riskSenior leaders across the financial services industry continue to facechallenges to ensure that conduct risk is a living and breathing riskdiscipline embedded into the ways of working across key businessfunctions.

Revenue concerns - Front office face a challengingmarket to deliver revenue growth and may be lessreceptive to demonstrating best-in-class outcomes if thismay impact revenue

Un-scalable solutions - Legacy solutions to monitor andreport on conduct risk, such as COI (conflicts of interest)registers, product inventories, best execution controls,etc. may not be scalable and tailored to meet theevolving needs of the business

Shifting priorities - Increasing commercial, regulatoryand internal initiatives will impact the firm’s commitmentto continuously improve on delivering good conductoutcomes and behaviours

Silo mentality and culture change - Different businessfunctions at the local and global level lack consistentunderstanding of conduct risk and practical tools toidentify, mitigate and report conduct concerns in a waywhich is efficient and embedded into BAU

Increased cost of failure - Failure to adequately manage conduct risk will result in negative financial,reputational and client outcomes, however firms mustfind the balance between the cost of change vs. the costof failure

Sustainability - Ensuring conduct risk managementcontinues to operate in an evolving ecosystem past thefirst 12-18 month honeymoon period requires C-suitelevel commitment and desk-level managementpersistence

p Understand and manage resilience risk relating to third-partysuppliers and partners, with suppliers assessed on how theymanage risk at the point of selection as well as on an on-goingbasis.

p Put in place an organisational culture that values behaviourssupporting resilient outcomes, and people with sufficient skills andknowledge to maintain resilience.

We are working with firms on all aspects of their resilience framework,and helping them respond to some of the specific requirements in thediscussion paper, including helping them think through how to defineand prioritise services and calibrate their impact tolerances.

StructuralReform

StructuralBankingReform /Recovery &Resolution

p BRRDp UK Ring-fencingp FSB Bank Recovery &

Resolution Planningp Impediments to

resolvabilityp UK Bank Recovery &

Resolution Planning

Conduct EU / Global 01.01.20: Transitional arrangements for certain benchmarks will expirep EU Benchmarks Reg.

JAN FEB MAR APR MAY JUN JUL AUG SEP OCT NOV DEC 2020+

FinancialRegulation

Capital p Basel III p CRD V / CRR IIp FRTBp MREL p TLAC (UK)

Q3 2019: EBA is expected to publish areport to the Commission on the EU

implementation of Basel III

Brexit 31.10.19: UK exits the EU (in case of no extension agreed by EU27 members)p UK exits EU

MarketStructure

InvestmentManagement

p PRIIPS

EU / Global

10.01.20: Directive will come into force, bringing virtualcurrency exchanges and custodian wallet providers into it

p AMLD V

Cyber Resilience p IT Risk Q1-Q2 2019: ECB has indicated it plans on issuing supervisory expectations on how banks approach IT risks in general

BankingRegulatoryDevelopmentsTracker 2019The timelines reflect a number of key regulatory themesin the shape of both guidance and requirements thatwill be affecting the banking sector in 2019 and lookingforward to 2020. It is important that firms consider thepotential impacts on their business. The timeline coversthemes such as Basel III, CRD V/CRR II, IBOR reform,vulnerable customers, resolvability and climate change.

Baringa’s Finance, Risk and Compliance team specialisesin helping firms understand and navigate the spectrumof regulatory milestones and challenges as well asprovide insight and solutions addressing key industrytrends. We are unique in our ability to bring togetherthese skills within a single team, combining capabilitiesto bring the very best advisory and delivery services toour clients.

UK p SMCR

Q2-Q4 2019: SM&CR extension expected to come into effect for solo-regulated firms

ConsumerCredit

p Big Datap Consumer Credit Actp High Cost Creditp Debt Managementp Credit Information

ConsumerVulnerability

p Market Integrityp Vulnerable customers

Q1 2019: FCA is expected to publish a report for consultation on market integrity l Q1 2019: FCA is expected to publish new guidance on vulnerable consumers Q1-Q2 2019: Treasury Committee is expected to report on its inquiry into the level of access consumers have to financial services, with a particular focus on vulnerable customers

AbbreviationsAMLD V Anti-Money Laundering Directive VBCBS Basel Committee on Banking SupervisionBoE Bank of EnglandBRRD Bank Recovery and Resolution DirectiveCCA Consumer Credit ActCCP Central CounterpartyCDS Credit Default SwapsCMA Competition and Markets AuthorityCRD/R Capital Requirements Directive/RegulationCVA Credit Valuation AdjustmentEBA European Banking AuthorityEC European CommissionECB European Central BankEEA European Economic AreaEMIR European Market Infrastructure RegulationESA European Supervisory AuthorityESG Environmental, Social and Governance ESMA European Securities and Markets AuthorityESTER Euro Short-Term Rate EU European UnionFAMR Financial Advice Market ReviewFATCA Foreign Account Tax Compliance ActFCA Financial Conduct AuthorityFI Financial InstitutionFINRA Financial Industry Regulatory AuthorityFRC Financial Reporting CouncilFRTB Fundamental Review of the Trading BookFSB Financial Stability BoardFSMA Financial Services and Markets AuthorityGSIB Global Systemically Important BankHMRC Her Majesty's Revenue & CustomsHMT Her Majesty's TreasuryICAAP Internal Capital Adequacy Assessment Process ILAAP Internal Liquidity Adequacy AssessmentLCR Liquidity Coverage RatioLIBOR London Inter-Bank Offered Rate MiFID Markets in Financial Instruments DirectiveMREL Minimum Requirement for Own Funds and Eligible LiabilitiesPRA Prudential Regulatory AuthorityPRIIPS Packaged Retail Investment ProductsPSD II Payment Service Directive IIRPA Robotics Process AutomationRTS Regulatory Technical StandardsSI Systematic InternaliserSMCR Senior Managers Certification RegimeSONIA Sterling Overnight Index Average SRB Single Resolution Board TCFD Task Force on Climate-related Financial Disclosures TLAC Total Loss Absorbing Capital

For more information please contact:

risk@baringa.com or Chris Nott (Partner) on +44 203 763 4859 or David Harris (Partner) on +44 7717 413 805.

Baringa Partners LLP, 3rd Floor, Dominican Court, 17 Hatfields,London SE1 8DJ T +44 (0)203 327 4220 F +44 (0)203 327 4221W www.baringa.com E risk@baringa.com

Theme Sub-theme Regulation

Q4 2019: Implementation date for therevised GSIB assessment methodology

Q4 2019: Expected delegated actimplementing the FRTB as a reporting

requirement

2022: Final MREL requirements to come into force01.01.22: Implementation of the internal model output floor

01.01.22: Implementation of the revised Standardised Approach for Credit Risk01.01.22: Implementation of the revised approach to Operational Risk

01.01.22: Implementation of the finalised leverage ratio framework and G-SIB leverage ratio buffer l 01.01.22: Implementation of the revised

IRB framework l 01.01.22: BCBS deadline for the revised market risk framework to be implemented

Q2 2019: Earliest likely date for a political agreement by EU institutions on the Level 1 text of the CRD V/CRR II package Q2-Q3 2019: Earliest likely date for secondary rulemaking to beginfollowing a political agreement by EU institutions on a Level 1 text forthe CRD V/CRR II package

Q1-Q2 2019: FSBexpected to conduct areview of the technicalimplementation of TLAC

Securities p SFTR Q2-Q3 2019: Application of reporting requirementsfor credit institutions and investment firms

Q3-Q4 2019: Application of reporting requirements forcentral securities depositories and central counterparties

Q4 2019-Q1 2020: Application of reportingrequirements for insurers and investment funds

Q1-Q2 2021: Application of reportingrequirements for non-financial counterparties

Q4 2019: Earliest likely applicationdate of revised BRRDQ4 2019: BoE will consult on a newdisclosure and assurance frameworkfor bank resolvability

Q1 2019: UK Ring Fencing requirements must be in place (with the exception of separation of pension schemes)Q1 2019: SRB will complete detailed assessments of banks' substantial impediments to resolvabilityQ1 2019: PRA rules on Operational Continuity in Resolution become applicableQ1-Q2 2019: FSB will publish the results of its thematic peer review on bank resolution planningQ1-Q4 2019: UK banks will be required to submit the first round of resolvability self-assessmentsQ1-Q4 2019: BoE will launch a pilot of its approach to cyber stress testing, with a focus on paymentsQ1-Q4 2019: BoE will begin public disclosure of UK banks' resolution plans and its own assessment of UK banks' resolvability

01.01.22: Deadline for the BoE tocomplete work to make the UKresolution framework fully resolvable

Q1 2019: ESAs are expected to submit RTS to the Commission setting out targeted amendments to PRIIPs rulesQ1 2019: FCA is expected to publish a feedback statement on its call for input

Resolvability p Creditor HierarchyDirective

p Non-Performing Loans

Q1 2019: Application date for revisingthe creditor hierarchy for unsecured debtto facilitate the implementation of TLAC Q1-Q2 2019: Regulation on prudentialbackstops for non-performing loansenters into force

01.01.21: EU's directive to expeditecollateral enforcement and facilitatesecondary markets of non-performingloans becomes applicable (except severalprovisions on credit servicers)

Trading p EMIRp MiFID IIp IBOR Reform

09.05.19: Category4 firms subject to

clearing obligationfor CDS

21.06.19: Category3 firms subject toclearing obligationfor CDS

Q3 2019: Expected start date of theSONIA term rate daily publication

01.09.19: Initial margin requirementsfor firms exceeding the EUR 750 bn

threshold to be phased-in

03.-7.20: Open-access requirements for exchange traded derivativesto apply to several major trading venues previously exempted

01.09.20: End of phase-in for initial marginQ4 2021: FCA announced that by end-2021 they would no longerseek to compel or persuade panel banks to submit LIBOR quotes

Q2 2019: First legislative proposal to amend EMIR is expected to be finalised in the first half of 2019 l Q2 2019: CCP supervisionproposal is expected to be finalised in the first half of 2019 l Q2 2019: Euro risk free rates working group is expected to providerecommendations on contract, protocol and regulatory amendments l 30.04.19: Updated transitional transparency calculationsfor derivatives, exchange-traded-commodities and exchange-traded notes, structured finance products and emission allowances,large inscale and size specific to the financial instrument thresholds for bonds to be published l Q2-Q4 2019: A SONIA term rate isexpected to be available

Q4 2019: Dailypublication ofESTER is expectedto start

Q1 2019- Q4 2020: Euro risk free ratesworking group is expected to develop andlaunch a Euro risk free rate term structure

Payments p PSD II Q1-Q2 2019: FCA to publish an updatedMemorandum of Understanding with the ICOon how they will work together in the future

Q2 2019: UK ICO will launchthe trial phase of its sandboxfocused on data protection

Disruption andinnovation

p Fintechp Automated Advicep Regtechp Crowdfunding

Q1 2019: ESAs will explore the need for guidelines on outsourcing to cloud service providersQ1 2019: FCA is expected to feedback on its outcomes testing on automated adviceQ1 2019: EU Commission is expected to publish a report on best practices for regulatory sandboxes

Q2 2019: FCA will publish its finalised rules on crowdfunding, to address areas of concern, especially for loan-based crowdfunding l Q2 2019: EU Commission ExpertGroup will asses unjustified regulatory obstacles to financial innovation, and whether the current regulatory framework fosters financial innovation and the scaling up ofinnovative start-ups l Q2-Q4 2019: EBA is expected to report on emerging technology risk and give guidance for prudential supervisors

Q4 2019: EBA is expected to publish a report/opinion on regulatory technologiesQ4 2019: UK government’s Fintech Delivery Panel will publish a set of industry standards that will support Fintech firms by providing themwith a consistent understanding of what financial services firms will need from them before entering into partnership arrangements

Risk Mngmnt. p Internal models Q1 2019: ECB is expected to finalise the standards on ICAAP and ILAAP

Q1 2019: FCA is expected to publish a consultation paper on the Consumer Credit Act retained provisions review l Q1 2019: FCA is expected to publish a consultation paper and a policy statement on high-cost creditQ1-Q4 2019: EBA is expected to publish a report on financial exclusion and big data

Q2 2019: FCA is expected to publish a review of the Debt Management sector l Q2 2019: FCA is expected to publish the terms of reference for a market study on credit information

01.04.19: FCA price cap on rent-to-own products is expected to come into force pending a consultation

SustainableFinance

p Climate Changep Green Bondsp Credit Rating p Sustainability Ratingsp Corporate

Governancep TCFD report

Q1 2019: EC technical expert group is expected to provide an EU classification system for climate change mitigation activities l Q1 2019: ESAs are expected to collect evidence of undue short-term pressure from capital markets on corporations l Q1 2019: FCA expected to consult on how workplace personal pension schemes consider ESG and climate change risks and opportunities and relevant non-financial factors l Q1-Q2 2019: EC is considering incorporating climate risks into firms' risk management policies and potential calibration of banks' capital requirementsunder CRR/CDR

Q3 2019: EC to report on progress made on actions involving credit ratingagencies l Q3 2019: EU classificationsystem for climate change andsustainable activities is expected tocome into effect l Q3 2019: TCFDexpected to publish a report onimplementation progress l Q3 2019:PRA is expected to publish a report andsurvey results on the UK bankingsector's response to climate-relatedfinancial risks

Open Banking p PSD2 14.03.19: Testing “sandbox” environment that includes APIs, documentation and support 14.09.19: (PSPs) Regulatory Technical Standard (RTS) compliance deadline

Q2-Q3 2019: Expected FPC pilot cyber stress test (payments); March 2019: BoE FPC published details on pilot for cyber stress test (payments)

OperationalResilience

p Operational Risk September 2019: EBA guidelines onOutsourcing Arrangements

Q4 2019: Expected consultation paper on regulatory approach to Operational Resilience. Separate papers expected from PRA and FCA

2020: Operational resilience expected to be incorportatedinto the PRA's Prudential Framework by the end of 2010

Q2 2019: PRA is expected to publish its supervisory statement on the management of financial risks from climate changeQ2 2019: EC technical expert group is expected to report on an EU standard for green bonds l Q2 2019: A delegated act on thecontent of the prospectus for green bond issuance is expected l Q2 2019: EC technical expert group is expected to report onthe design and methodology of the low-carbon benchmark l Q2 2019: ESMA is expected to assess practices in the credit ratingmarket and to include ESG information in its guidelines on disclosure for credit rating agencies l Q2 2019: EC is expected tocarry out a study on sustainability ratings and market research l Q2 2019: Expected revision of guidelines for companies onhow to disclose non-financial information in relation to climate-related data l Q2 2019: EC is expected to assess potentialmeasures to promote corporate governance more conducive to sustainable finance l Q2 2019: TCFD expected to publish anupdated report to the FSB