The Dear CEO Letter issued by the Central Bank of Ireland (CBI) this month regarding compliance with MiFID II's marketing and advertising requirements sets out key actions for Irish-authorised MiFID investment firms, credit institutions and fund management companies that provide MiFID II services to retail clients.
The Letter (which must be read in conjunction with the recent ESMA Report on the application of MiFID II marketing requirements) follows a recent CBI thematic review of how firms apply MiFID II's marketing and advertising requirements, and sets out the CBI's supervisory expectations regarding how those requirements are met.
The need for robust (and documented) governance and oversight is a key theme throughout the Letter, as is the need for clearly supervised (and regularly reviewed) framework where responsibility is outsourced.
The CBI's review identified deficiencies in some firms' governance and control frameworks – findings which are broadly consistent with those of the ESMA Report. The ESMA Report identified various areas for improvement including the need for adequate approval and review processes, adequate record-keeping measures, and the involvement of control functions and senior management in internal processes and procedures regarding development, design, and oversight of marketing materials.
NEXT STEPS FOR IN-SCOPE FIRMS
In-scope firms are Irish-authorised MiFID investment firms, credit institutions and fund management companies that provide MiFID II services to retail clients.
The CBI issued several risk mitigation programmes (RMPs) to firms arising from the review and will continue to follow-up with firms where mitigating actions are needed.
It expects each firm's board to ensure that robust governance, internal control and oversight arrangements are in place, and that sufficient resources are deployed, to ensure that the firm can continuously show its compliance with MiFID II's marketing and advertising framework.
Each firm must review its marketing and advertising practices against the Letter and the ESMA Report (and any RMP issued to it), and document that review (which must include details of actions taken to address the findings of ESMA and the CBI).
The review must be completed, and an action plan discussed and approved by the board (and minuted), by 31 January 2025.
Findings from the CBI's recent mystery shopping exercise should also be considered by firms when carrying out their reviews.
CORE ESMA / CBI FINDINGS
- Most firms aren't clearly identifying all marketing and advertising content as such.
- While most firms have policies and procedures in place for marketing and advertising, deficiencies were identified deficiencies in the governance and control frameworks set out in those policies and procedures. The Letter noted that no firm covered by the review differentiated the review and approval process for marketing and advertising depending on the communication channel i.e. print media v social media, and some firms don't have specific policies in respect of digital marketing and advertising. The Letter reminds firms that policies and procedures will need to be updated to take account of any changes to the MiFID II marketing and advertising framework arising from the European Commission's Retail Investment Package or future ESMA guidance / Q&As. Once the CBI completes its CPC review later this year, policies and procedures will also need to be updated to reflect the CBI's final 'Guidance on Securing Customers' Interests'.
- Where firms outsource marketing and advertising functions to a parent / group entity, most don't have a documented service level agreement (SLA), couldn't properly define the arrangements that are in place, and couldn't demonstrate a framework for measuring service quality. The CBI highlighted that the use of influencers to carry out promotional activities should be classified as outsourcing, and a written SLA should be put in place.
- Cases of imbalanced, unclear and potentially unfair or misleading published content on digital were identified with a small number of firms.
- Some firms aren't meeting their obligations regarding risk warnings for contracts for difference.
- There is over-reliance by some firms on the initial review and approval process to identify errors / omissions in marketing and advertising. Some firms aren't involving their compliance functions in a post-publication process, and some firms have no 'lines of defence' model for pre-publication reviews of marketing and advertising.
- Approaches to identifying the target audience for marketing / advertising varied.
The Schedule to the Letter goes through the above issues in more detail and identifies good practices that it noted as part of the CBI review – those examples should be considered by firms as part of their reviews over the coming months.
Firms should prioritise reviews of their MiFID II marketing and advertising frameworks, particularly their governance and control frameworks, policies and procedures, and outsourcing arrangements to enable the resulting action plan to be reviewed and actioned in advance of the 31 January 2025 deadline.
This article contains a general summary of developments and is not a complete or definitive statement of the law. Specific legal advice should be obtained where appropriate.