On 2 March 2023, the Central Bank of Ireland (the "Central Bank") published its third annual Securities Markets Risk Outlook Report (the "Report"). The Report highlights the conduct risks that the Central Bank has identified as key for securities markets in 2023, being external risk environment, sustainable investing, market integrity, market conduct risk management, delegation and outsourcing, cybersecurity, data quality and digital innovation.The Report also outlines the Central Bank's expectations of regulated financial service providers ("RFSPs") and market participants in terms of identifying, mitigating and managing those risks in the context of their particular business activities.
Supervisory Priorities for 2023
The publication of the Report follows hot on the heels of the Central Bank's cross-sectoral 'Dear CEO' letter dated 16 February 2023 addressing the key regulation and supervisory priorities for 2023 (the "Letter"). The priorities of the Central Bank of most relevance to funds and their service providers are:
- assessing and managing risks to the financial and operational resilience of firms. This includes the potential decline in asset quality arising from prevailing inflationary pressures, lingering effects from the pandemic and a slowdown in the UK economy;
- progressing actions on the systemic risks generated by non-banks, in particular advancing a macro-prudential framework for non-banks and improvements to our legislative frameworks and investor protections in the investment fund sector;
- implementing new EU regulations on digital operational resilience for the financial sector ("DORA") and markets in crypto assets ("MiCA"); and
- strengthening the resilience of the financial system to climate change risks and its ability to support the transition to a climate-neutral economy, along with implementing the EU's Sustainable Finance Disclosures Regulation ("SFDR").
Key Risks – A Specific Focus on those of relevance to Funds and their Service Providers
While the scope of the Report is far reaching, we have sought to summarise the key points of relevance for funds and fund service providers in this update.
External Risk Environment (Highly Leveraged funds, Less Liquid funds and Sanctions)
With the successive shocks of COVID-19, the Russian invasion of Ukraine and the return of inflation, volatile market conditions are being experienced that are markedly different from those in the previous decade. The aforementioned factors contributed to a sharp fall in asset prices internationally and therefore have a particular effect on both highly leveraged funds and less liquid funds.
Against the backdrop of tighter financial conditions, a slowdown in the post-pandemic recovery, negative market sentiment and broader market illiquidity there has been a weakening in markets for perceived riskier assets. Of particular relevance, the Central Bank notes recent measures it has taken to make funds employing liability driven investment strategies more resilient (in the wake of the UK GILTs crisis) as well as the introduction of macro prudential measures for Irish authorised funds with 50 per cent or more of their total assets under management in Irish property assets.
Funds investing in less liquid assets such as high yield bonds must remain vigilant in meeting redemption requests by ensuring that redemption frequency is closely correlated to underlying asset liquidity and that appropriate liquidity management tools ("LMTs") are in place to ensure the fair treatment of all investors.
The wide range of financial sanctions imposed on Russia and Belarus in response to the Russian invasion of Ukraine have also affected securities markets participants. Irish funds have limited exposure to sanctioned assets; however, sanctions have led to the suspension of some funds which in turn has led to impacted investors. Risks remain from further sanctions affecting assets and from a reduction of liquidity when seeking to dispose of Russian assets.
The Central Bank expects RFSPs to:
- conduct robust stress testing, to be updated regularly, to take due account of market dynamics so that all funds are positioned to ensure their liquidity arrangements are sufficient to meet redemptions and margin calls;
- ensure that LMTs are being utilised when needed and that appropriate LMTs are in place;
- verify valuations of assets affected by rising interest rates and sanctions; and
- have appropriate systems and controls in place to identify relevant sanctioned instruments and individuals to ensure they are compliant with their obligations in relation to financial sanctions.
Sustainable Investing
Similar to 2022, sustainable finance has, unsurprisingly been highlighted again as a key priority for 2023 by the Central Bank. As the pace of climate change increases, the speed of transition to meet the goal of net-zero emissions and become a carbon neutral economy has taken on greater significance.
A key milestone in the Central Bank's regulatory work programme for this year is to enhance the governance, oversight and investor outcomes specifically in the funds sector, including the implementation of new ESG requirements and measures to mitigate greenwashing risks. The Central
Bank also intends to focus on strengthening the resilience of the financial system to climate change risks and its ability to support the transition to a climate-neutral economy, along with implementing SFDR. The Central Bank's thematic review of investment fund classifications and a spotcheck review of the SFDR Level II filings are currently underway.
The Central Bank has re-emphasised the importance of SFDR product classifications with a focus on ensuring that investors are fully informed and are in no way misled where investments or financial products are described as "green" or "sustainable". RFSPs are expected to have robust procedures and policies in place to ensure products marketed as such meet the criteria required.
Fund management companies are required to integrate sustainability risks into the management of their funds, their conflicts of interest procedures and their risk management processes. Noting ESMA has made ESG disclosures a Strategic Supervisory Priority for 2023 (and beyond), the Central Bank will be an active participant in its Common Supervisory Action on sustainability aimed at promoting transparency and tackling greenwashing.
Market Integrity
Those funds and their service providers subject to the Market Abuse Regulation should, in particular, take note of the Central Bank's expectations in terms of reporting of suspicious transactions, order reports and insider lists.
Market Conduct Risk Management (Conflicts and Hybrid-Working)
The Central Bank places an onus on firms to develop and embed governance, control and surveillance frameworks that are more robust for the management of wholesale market conduct risk inherent in their business, in particular, the Report highlights the importance of RFSPs maintaining effective conflicts of interest policies and processes.
The Central Bank has stressed the need to mitigate emerging risks in what is a rapidly changing geopolitical and economic environment. An example of this rapid change can be seen in the post COVID-19 hybrid-working model which has been broadly welcomed across the industry. Firms working with such a model must continue to meet their regulatory requirements. A specific concern raised with operating an alternative working arrangement was the risk of market abuse related conduct risks arising from the use of unmonitored, unauthorised or unencrypted telephone and electronic communication devices. Firms must have policies and procedures, controls and a monitoring regime in place that has been adapted for hybrid-working arrangements.
Delegation and Outsourcing
RFSPs are expected to have regard to the Central Bank's Cross Industry Guidance on Outsourcing and ensure effective oversight and continuous monitoring of any digital processes outsourced to third parties, with the ultimate goal of ensuring that the firm retains ultimate responsibility for governance and oversight of the activities delegated to third parties.
Cybersecurity
With the likelihood and sophistication of cyber-attacks increasing in the previous year there is significant potential for market disruption. COVID-19 and the remote-working environment has increased the reliance on digital platforms to conduct business operations and heightened the risk of cybersecurity breaches occurring.
DORA, when effective will be an important regulatory milestone. DORA will seek to strengthen the cyber resilience of the European financial sector by providing strengthened and harmonised Information and Communications Technology ("ICT") risk management rules and enhancing cooperation on this topic amongst relevant authorities.
The Central Bank expects RFSPs to:
- note the priorities identified in existing guidance published by the Central Bank in recent years, many of which are closely aligned to DORA:
- ensure adequate tools and governance frameworks are in place locally to identify, measure, manage, monitor and report ICT/cybersecurity risks;
- ensure ICT governance and ICT risk management frameworks are appropriately designed and implemented; and
- ensure they have robust ICT/cybersecurity risk management practices in place.
Data Quality
As the quantity and complexity of data intensifies across securities markets it is important that market participants allocate the necessary resources to ensure the data is of the highest quality. The Central Bank notes that the datasets collected in line with AIFMD, the European Markets Infrastructure Regulation (EMIR), the Markets in Financial Instruments Regulation (MiFIR) and the Securities Financing Transactions Regulation (SFTR) are used extensively across the Central Bank and provide rich information that allow it to monitor risks, develop policy and take action when necessary. RFSPs are urged to submit accurate data on a timely basis in line with their obligations, have appropriate oversight of data reporting from board level down (including where outsourced) and in the event of data reporting issues, escalate appropriately and engage with the Central Bank as soon as possible.
Digital Innovation
While digital innovation can lead to greater efficiencies and opportunities, it may also present risks for participants in the market. RFSPs are urged to keep abreast of technological advancement, particularly in relation to the rise in online trading platforms. Such new technology requires adequate safeguards in place to protect investors and it is imperative that firms meet their regulatory obligations in this regard.
Another area of interest for the Central Bank is crypto assets which continue to pose risks to investors due to their financial instability. Noting the recent increase in queries relating to investment in crypto assets, the Central Bank again restated its current position on such assets, as outlined in its UCITS Q&As and AIFMD Q&As, that it is highly unlikely to approve a UCITS or a Retail Investor AIF proposing any exposure (either direct or indirect) to crypto assets, having regard to the specific risks attached to crypto assets and the possibility that retail investors may lack the adequate expertise to carry out an appropriate risk assessment.
RFSPs are expected to note the requirements of the forthcoming MiCA and to be mindful that the Central Bank presently considers exposure to crypto assets to be unsuitable for retail investors in line with the joint position of the European Supervisory Authorities. Risk frameworks will need to support the identification, mitigation and management of risks arising from the implementation of new technologies.
Next Steps
These recent publications from the Central Bank provide a helpful overview for boards and officers of funds, their service providers and other market participants as they navigate the regulatory year ahead. It is clear that the Central Bank expects a demonstration of clear leadership on climate issues, robust governance processes and ensuring that services are resilient from cyber risk.
It would be prudent for RFSPs to align with the Central Bank's expectations by ensuring that the risks and supervisory priorities outlined in the Letter and the Report respectively are monitored and addressed in their firm's horizon planning, risk assessment and risk mitigation programmes. Walkers will continue to keep client firms and boards appraised of developments in the Central Bank's identified regulatory and supervisory priorities on an ongoing basis.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.