Developments in Australia, the UK, Hong Kong and Singapore reinforce a global trend towards closer engagement through regulatory tools beyond just enforcement
In a nutshell:
- High volatility resulting from unpredictable global events is pushing regulators to focus on market stability, operational resilience and vulnerable consumers.
- While regulatory approaches in each jurisdiction will differ based on their market and political conditions, there is a global trend towards increasing the regulatory burden on firms to manage the risks associated with their operations.
Regulators have had to shift focus from supporting post-Covid economic recovery to ensuring financial stability in light of the impacts of unforeseen political and economic developments.
Firms can expect to see greater differentiation between regulatory approaches across the globe, as regulators develop bespoke responses to the impacts of recent developments and trends on their local economies, and to local political pressures. Nonetheless, there remain some supranational challenges on which regulators continue to strive to develop a coordinated regulatory approach, including sustainable finance and climate risk disclosure, digital markets and cryptocurrencies.
Looking ahead, we will also see increased regulatory intervention to proactively prevent or manage harms (‘prevention is better than cure’), with a continued focus on protecting vulnerable consumers in response to ‘cost of living’ pressures and the opportunities and challenges presented by new technologies and changed work patterns. This will lead to increased regulatory complexity as financial institutions navigate the tensions between new and existing obligations and expectations.
In Australia, there is new leadership at the corporate, financial services, banking and competition regulators setting the new tone of regulatory supervision and enforcement focus. ASIC in particular is continuing with its focus on enforcement through litigation and is starting to seek enforceable undertakings again now that the Royal Commission into Banking Misconduct is in the rear view mirror. Regulators' collective current focus is on ensuring financial stability and protecting vulnerable consumers in response to significant economic volatility and higher inflation.
Over the near term, we anticipate increased reliance by regulators on their broad regulatory tools (including exercising their new powers) to improve the operational resilience of financial institutions, in particular cyber security, and to proactively protect customers (including in relation to scams). In this regard, we have already seen or are soon to see:
- substantial engagement by APRA on operational resilience and cyber security, through thematic surveys and workshop reviews, climate change as well as a broadening suite of prudential standards;
- ASIC’s use of its new powers under the relatively new product “design and distribution obligations” regime and “product intervention powers” regime and its new civil penalty powers in relation to unfair terms, as well as the extended regime for regulated entities to self-report and remediate regulatory breaches;
- the extension of the existing individual accountability regime for senior executives from just applying to banks to a larger number of financial services providers and their significant related entities.
In the UK, the development that will lead to many key changes expected in 2023 is the enactment of a new Financial Services and Markets Bill. Some of the reforms are Brexit-driven (e.g. revoking retained EU law and giving financial regulators more rule-making powers), while others aim to increase the competitiveness of UK markets (e.g. new secondary objectives for the FCA and PRA to support long-term growth and international competitiveness) and enable new technologies (e.g. regulation of stablecoins used as payment and the Financial Market Infrastructure sandbox).
Measures to reinforce consumer protection and operational resilience of financial markets are also covered within the Bill (e.g. regulatory oversight of critical third parties and liability of payment service providers for fraudulent transactions).
In response to these reforms, the PRA aims to address risks and opportunities in a responsive and dynamic way, tailored to the UK's circumstances, but also to make its policies more accessible. The FCA remains focused on its ambition to become more forward-looking, proactive, innovative, tough, assertive and adaptive, and is increasingly data-led. The new Consumer Duty, to be implemented by firms by mid-2023, creates enhanced expectations for firm monitoring of consumer outcomes, and should support the FCA to more quickly identify and intervene in practices that adversely impact those outcomes.
|EU co-legislators will continue to forge ahead to enhance ESG regulation (see our articles on Sustainability and Financing a fairer future) and the EU's digital assets framework (including a framework for the development of the digital euro and the finalisation of its new cryptoassets regime) in 2023. The EU's Digital Operational Resilience Act, which lays down requirements for the security of network and information systems of financial institutions and critical third parties providing ICT, is also expected to come into effect. In addition, the EU plans to address gaps to the functioning of its Banking Union by reforming the Bank Recovery and Resolution Directive and the State aid rules for banks in difficulty.
|Hong Kong and Singapore
In Hong Kong and Singapore, regulators have continued to focus on operational resilience and enhancing investor protection in the midst of heightened market volatility and accelerated digitalisation of financial services. In this regard, the regulators have recently introduced various new regulatory regimes, as well as enhancements to the existing regimes, including:
- strengthening the statutory enforcement powers of the Securities and Futures Commission (SFC) to safeguard investors' interests, including in relation to obtaining compensation for investors (see our June 2022 briefing and our June 2021 briefing);
- the new licensing regime for virtual asset service providers (VASPs) expected to take effect on 1 March 2023 and which, as a result of recent public feedback and rapid change in the virtual asset landscape, may be expanded to allow provision of services to retail investors (see our bulletin);
- the Monetary Authority of Singapore (MAS) has issued revised Guidelines on Business Continuity Management, which set out the need for financial institutions to take an end-to-end service-centric view in ensuring the continuous delivery of critical business services to their customers; and
- expanding MAS' power to issue directions and make regulations necessary for the management of technology risks (including cyber security risks), and the safe and sound use of technology to deliver financial services and protect data.
The SFC has also recently appointed a new Executive Director to the Enforcement Division, and Ashley Alder, currently CEO of the SFC, will become the new chair of the UK FCA in early 2023. Despite these changes, we expect that protecting investors from financial fraud, including in the context of ramp-and-dump schemes, will remain a top enforcement priority.