Sustainability, market abuse and crypto-assets: Key themes from Central Bank Securities Markets Risk Outlook Report
The Central Bank published its Securities Markets Risk Outlook Report 2023 yesterday, summarising its expectations of what regulated firms and market participants should do to effectively identify, mitigate and manage risks in the context of their particular business activities this year.
Overall, the Central Bank expects to see a well-governed, trusted and resilient securities market, comprising well-governed firms, with high levels of protection for investors and market participants, and transparency on product features and pricing.
Key takeaways from the Report are as follows:
Sustainable Investment
The Central Bank is focused on disclosure and labelling. It expects regulated firms to comply with their regulatory obligations on disclosing sustainability-related information in respect of their products, and have robust policies and procedures in place to ensure that products marketed as ‘green’, ‘ESG’ or ‘sustainable’ are accurately described as such.
It emphasised that “[investors] have high expectations of asset management firms and funds regarding the veracity of their sustainable credentials. It is imperative that standards are high so that the sector can support the transition to a more sustainable economy…” This issue will remain a priority for the Central Bank over the next few years.
Market Integrity
- Market abuse continues to be a key focus area (as signposted in the Central Bank’s list of priorities for 2023).
- The Central Bank is still finding deficiencies in firms’ market abuse-related surveillance frameworks and governance structures (highlighted in its July 2021 Dear CEO letter) and will continue to check firms’ and trading venues’ compliance with its requirement to have trade surveillance systems in place that align with their respective business models.
- It also expects to see firms’ market surveillance frameworks calibrated to deal with large volumes of order cancellations to mitigate the risks of market abuse inherent in those cancellations.
- Regarding suspicious transaction order reports (STORs), it remains concerned that the volume of STORs isn’t matching increased trading volumes (particularly in light of increases in algorithmic trading), and sees quality issues with the STORs that are being made.
- The Central Bank reiterated that issuers must have strong frameworks and controls in place to ensure full compliance with the MAR requirements regarding insider lists and the management of inside information – this has been a consistent theme for the Central Bank since 2019.
Crypto-Assets
- The Central Bank reiterated that crypto-assets may not be suitable for retail investors, and noted its position from last year’s Report that it was highly unlikely to approve proposals for UCITS or RIAIFs to invest (directly or indirectly) in crypto-assets. It advised that this position remains under review and will be informed by European regulatory discussions on the topic, which will include active participation by the Central Bank, and may change should new information or developments emerge in the future.
- It also flagged that it is unlikely to approve a crypto-based proposal under the Prospectus Regulation (but again, it is keeping that position under review).
- Where a QIAIF is looking to gain exposure to crypto-assets, it must make a submission to Central Bank outlining how the AIFM could effectively manage the associated risks.
- Firms have also been asked to monitor the impending introduction of MiCA (the Markets in Crypto-Assets Regulation), which will come into force in 2024.
External Risk Environment
Against the backdrop of rising interest rates, falling asset prices, market volatility stemming from the Russian invasion of Ukraine and the obligations arising from the resulting financial sanctions framework, the Central Bank expects regulated firms to:
- carry out regular, robust stress-testing (the Central Bank is particularly focused on funds ensuring that their liquidity arrangements are sufficient to meet redemptions and margin calls)
- have appropriate liquidity management tools in place, and use them when needed
- verify asset valuations that are impacted by rising interest rates and sanctions
- have appropriate procedures in place to identify sanctioned persons, and ensure compliance with financial sanctions
Market Conduct Risk
- Notwithstanding previous communication with firms regarding wholesale market conduct risk, the Central Bank is still seeing deficiencies in firms’ risk management frameworks, and an absence of ongoing monitoring (making senior-level oversight more difficult).
- Firms also need to adapt their frameworks to address the potential for additional conduct risk stemming from hybrid working arrangements (e.g. recording communications, and ensuring that they aren’t taking place through unauthorised channels).
Delegation and Outsourcing
- Delegation in the funds sector remains a focus area, with considerable growth in fund management companies (FMCs) providing services to third party funds. The Central Bank expects FMCs to increase their resources and expertise to address this.
- Outsourcing of market abuse surveillance on an intra-group basis necessitates robust local oversight and monitoring, to ensure that the delegating firm retains responsibility for the delegated activities.
- Outsourcing of digital processes and cybersecurity is growing – the Central Bank expects firms to focus on oversight and continual monitoring of those arrangements.
Cybersecurity
The Central Bank expects firms to monitor the impending introduction of the EU Digital Operational Resilience Act (DORA) in 2024, ensure they have adequate tools, governance and risk management frameworks in place, and ensure their ICT governance, and risk management, frameworks are appropriately designed and implemented.
Data
As signposted in the Central Bank’s 2022-2024 Strategy, it is particularly focused on ensuring that the data it receives from firms is high quality, accurate and submitted on time, with appropriate oversight in place and procedures in place for escalating and reporting data issues.
If you would like to discuss any of these developments in more detail, please get in touch with the authors or your usual contact in the following groups: