Press Releases


HomeNewsPress Releases
Share this page
Close
Rebecca Hansford
AFME highlights Brexit cliff edge risks in new paper
22 Jan 2018
Click here to download a copy of the paper. The Association for Financial Markets in Europe (AFME) has today published a new paper highlighting some of the potential cliff edge risks that Brexit could create for market efficiency and financial stability. The paper focuses on issues which may require intervention from policymakers and/or regulators in the UK and EU27. Simon Lewis, Chief Executive of AFME, said: “There are now less than 15 months before the UK leaves the EU and the financial services industry continues to face significant uncertainty. It is therefore imperative that agreement is reached as soon as possible on transitional arrangements. We have set out today a summary of some of the most significant cliff edge risks that need to be avoided through transitional arrangements and further action. In order to maintain financial stability, EU and UK policymakers should urgently clarify actions to mitigate these cliff edge risks.” The paper highlights the following 5 key risks: Cross-border personal data transfersRestrictions on sharing of personal data between the EU27 and the UK as a result of Brexit could severely disrupt the ability of businesses to continue to transfer personal data post Brexit. For businesses to continue to operate on a cross-border basis, an arrangement is required to ensure the ongoing free flow of personal data post Brexit. Continuity of contractsWhen the UK leaves the single market, existing passports enabling UK-based firms to engage in regulated activity in the EU27 (and vice versa) will cease. This creates important questions for businesses regarding the continuity of services under existing cross-border contracts. Choice of jurisdiction; recognition and enforcement of judgmentsThere is a very significant volume of financial services contracts where the parties have chosen the jurisdiction of the English courts. It is therefore important to provide clarity that continued recognition will be provided to the choice of jurisdiction throughout the UK and EU and that judgments of the courts of a Member State and of the UK will continue to be enforced throughout the UK and EU27. Access to market infrastructure: recognition of CCPsIn the absence of transitional arrangements, EU27 banks could find themselves in breach of regulation for maintaining positions in UK CPPs that would no longer be authorised or recognised under EU regulation. EU27 banks may also be required to hold a significantly increased amount of regulatory capital against positions in UK CCPs. While an equivalence framework for CCPs is in place in the EU, it is necessary to ensure that there is no gap while equivalence is formally assessed. Recognition of resolution actionsThe Bank Recovery and Resolution Directive (BRRD), put in place to prevent taxpayer bailouts, provides for the automatic recognition of resolution actions throughout the EU. Without an intergovernmental agreement, the automatic recognition would no longer apply as between the UK and EU27 following Brexit, which could create issues for financial institutions, including:- the potential requirement for EU27 banks to amend or reissue contracts governed by English law (and UK-based banks to amend or re-issue contracts governed by the law of a Member State) to include contractual recognition of bail-in and resolution stays, or having to re-issue them; and-uncertainty regarding the continued eligibility of English law governed capital and debt instruments issued by EU27 banks to meet loss-absorbing capacity requirements (and instruments issued by UK- based banks under EU27 law). AFME’s paper points to the Withdrawal Agreement as the best way to solve these cliff edge risks. It also suggests that where policymakers and regulators can take unilateral actions, this should also be done.– Ends –
Rebecca Hansford
AFME publishes revised Due Diligence Questionnaire to further standardise process for global custodians
8 Jan 2018
Click hereto download the questionnare. The Association for Financial Markets in Europe (AFME) has today published a revised version of its Due Diligence Questionnaire (DDQ) which harmonises and simplifies the process of completing questionnaires for global custodians. The AFME Due Diligence Questionnaire Task Force, comprised of approximately twenty Network Managers, reviewed the earlier 2016 questionnaire and additional questions proposed by market participants. The revised DDQ now incorporates approximately 20 additional questions. The revised document should further standardise the process by allowing firms to use the AFME DDQ without sending a sizeable addendum of additional questions. An additional section has also been added for when the recipient is providing Global Custody services, following request from AFME members. Alan Cameron, Head of Market Strategy-Brokers, at BNP Paribas Securities Services and Chair of the AFME Due Diligence Questionnaire Task Force, commented: “We were glad to get this review completed in time for 2018. We reviewed many proposals, and while the changes to the previous version are minimal, the most significant change is the addition of a Global Custody section to allow those entities to outline their approach to due diligence for third parties. Our thanks are due to the many banks that participated in this process creating a harmonised document for the industry.” Stephen Burton, Managing Director, Post Trade at AFME, added: “It is encouraging to hear an ever-increasing awareness that the questionnaire can significantly reduce the time spent completing and reviewing due diligence questionnaires. Members devoted a significant amount of their time to make this document even more useful for the industry. We were able to rationalise some questions and added a Global Custodian Section.” AFME encourages the broadest use of this DDQ. It is available to all, free of charge, on AFME’s website. Click here to download. – Ends –
Rebecca Hansford
AFME comments on the coming into effect of MiFID II
3 Jan 2018
Commenting on the implementation of the Markets in Financial Instruments Directive (MiFID II), and the associated delegated regulation (MiFIR) today, Simon Lewis, Chief Executive at AFME, said: “Today sees MiFID II take effect. It is one of the most impactful and wide-reaching pieces of financial regulation to affect our industry to date. The review of the Markets in Financial Instruments Directive (MiFID II), and the associated delegated regulation (MiFIR) will fundamentally affect the way investment firms trade and interact with their clients, as well as how the European securities market ecosystem works.“In addition to strengthening the general investor protection regime and enhancing the current regime for equities markets, MiFID II extends this revised regime to an expanded range of product classes, including fixed income products and over-the-counter (OTC) derivatives. AFME supports the regulatory aims of the MiFID review of enhanced levels of investor protection, increased competition across the financial markets and calibrated transparency to facilitate fair, orderly and liquid markets.“Our members have been working closely and diligently with policymakers, regulators and the financial market industry to prepare for the go-live of this challenging project. AFME has been supporting its members through this implementation period and we will be continuing our constructive engagement, examining the impact of the MiFID package over the next few months.”– Ends –
Rebecca Hansford
GFMA Publishes Key Principles for Cybersecurity Penetration Testing Framework
11 Dec 2017
HONG KONG, LONDON and WASHINGTON, X December 2017 – The Global Financial Markets Association (GFMA) today published a set of principles to guide the development of a commonly accepted framework for cybersecurity penetration testing. In furtherance of our collective goal to increase security and resiliency, and given increased regulatory interest in penetration testing requirements, GFMA’s goal is to encourage dialogue and share insights between the industry and regulators that would result in a globally coordinated approach to the regulatory use of penetration testing. Specifically, GFMA aims to facilitate a multi-regulator endorsed approach that enables regulators to drive consistent supervisory objectives and allows firms to maximize the utility and insight of approved penetration testing while minimizing risk. Penetration testing serves as one of the foremost tools in enabling a robust security program for financial institutions. Such testing allows firms to evaluate their systems and the controls that protect them in order to identify and remediate vulnerabilities, thereby strengthening their infrastructure against cyber threats. It is clear that the increased use of penetration tests provides a benefit to regulators and financial institutions as part of cyber preparedness. However, this also leads to risks that must be considered, including: Multiple regulatory frameworks can result in unnecessary duplication of sensitive information, putting financial firms, their clients, and other downstream third-parties at unknowable risk; Testing insights are reduced when regulators narrow options for test personnel and testing methods; Increasing regulatory demands requires testing teams spend more time complying with requests, reducing efficiency gains that could be better used increasing security of the sector, business partners, the supply chain and operational controls; Multiple regulatory frameworks can result in inconsistent reporting and the inability to develop a credible assessment of the sector due to lack of comparability; Penetration testing of critical systems in production creates the significant potential to disrupt firm operations; and Creation of multiple one-size-fits-all penetration testing frameworks disproportionately impacts midsize and smaller financial institutions. A number of jurisdictions around the world already leverage penetration testing in their regulatory regime. The goal of the GFMA proposal is not to compete with existing frameworks but rather to coordinate their development and use to ensure that financial institutions are able to safely, securely and efficiently comply with their supervisory requirements. The GFMA penetration testing framework is similarly aligned with the G-7’s broader recommendations on how institutions can conduct effective cybersecurity assessments, promoting safe and effective testing methods. The industry needs a flexible coordination framework established to perform realistic and rigorous penetration tests in a meaningful and efficient manner. GFMA’s principles for a commonly accepted penetration testing approach include: Provide regulators the ability to guide penetration testing programs, based on recent threat intelligence, to meet supervisory objectives through the use of common risk-based scenarios and agreed upon scheduling and scoping of testing activities; Provide regulators high confidence that penetration testing is conducted by trained, certified personnel with sophisticated tools and techniques to accurately emulate adversaries; Provide regulators transparency into financial firm governance processes to provide assurance that identified weaknesses are properly addressed; Ensure testing activities are conducted in a manner that minimizes operational risks; and Ensure data security by adhering to strict protocols for handling test results data due to the highly sensitive nature of this information. “The development of a global penetration testing coordination framework can address the respective needs of regulators and the financial industry, allowing for the continued confidence and growth of the world’s financial markets and economy,” said Mark Austen, chief executive officer of GFMA and chief executive officer of ASIFMA. “We hope these principles provide a foundation for continued dialogue and engagement between the public and private sector, and look forward to input from our regulators. The industry continues to believe that regulatory harmonization is critical to efficient and effective cybersecurity.” As first steps in the process, the industry suggests: Agreeing upon independent governance and assurance standards sponsored by an existing, identified voluntary international industry consensus standards body; Identifying qualification standards to rigorously certify individual assessors, teams of assessors and assessor organizations, all of which are equally accessible for in-house resources as well as third-party vendors; and Identifying quality standards for the technical delivery, evidence collection and reporting for all associated assessment methodologies to ensure they are performed to appropriate levels. The full Principles document is available here: -ENDS- ContactsCorliss Ruggles, +852 9359 6996, [email protected] Hansford, + 44 (0)20 3828 2693, [email protected] Pierce, +1 (212) 313-1173, [email protected]
Loading...

Rebecca O'Neill

Head of Communications and Marketing

+44 (0) 20 3828 2753