UK financial services legislation is a mixture of UK and European Union (EU) legislation, reflecting the UK’s historic position as a member of the European Union until January 2020.
The Financial Services and Markets Act 2000 (FSMA) is the primary UK statute governing the financial services sector in the UK, defining the role and purpose of the regulatory authorities. FSMA has been subsequently significantly amended following the financial crisis of 2008-09 to introduce changes (such as the UK Senior Managers Regime and bank ring-fencing requirements) to enhance the resilience of the UK financial services sector.
FSMA makes it a criminal offence to undertake regulated activities by way of business – or (in broad terms) to promote financial services or products – in the UK unless duly authorised or exempt. The list of regulated activities that a bank may undertake is set out in the FSMA (Regulated Activities) Order 2001 (RAO). Exclusions exist, which (in broad terms) permit wholesale activities to be undertaken into the UK by foreign banks without obtaining authorisation.
Separate UK legislation governs the provision of payment services (the Payment Services Regulations 2017), and the issuance of electronic money (the Electronic Money Regulations 2011).
A significant proportion of UK banking regulation is derived from EU directives and regulations.
FSMA and the secondary legislation and regulators’ rulebooks made under it implement a number of European law directives into UK law. European regulations, which are directly applicable, are the other key source of UK legal requirements for UK banks, including the Capital Requirements Regulation (Regulation (EU) 575/2013 (CRR), which implements the revised Basel Accord), the Market Abuse Regulation (Regulation (EU) 596/2014) and the Markets in Financial Instruments Regulation (Regulation (EU) 600/2014 (MiFIR)).
The UK left the EU on 31 January 2020 (Brexit) and is currently in the implementation period, which is due to end on 31 December 2020 (IP Completion Date or IPCD). Post-IPCD, EU law will cease to apply in the UK: the EU regulations referred to above, and other EU-derived legislation, will be incorporated into UK law as they apply at that date and amended to render them fit for purpose in their new context under the EU Withdrawal Act 2018. This is colloquially referred to as "onshoring" (see the UK Trends and Developments chapter).
The UK operates a "twin peaks" system of financial regulators, with two principal regulators – the Prudential Regulation Authority (PRA) and the Financial Conduct Authority (FCA) – each with its own rulebook. Additionally, the Bank of England (BoE) acts as the resolution authority, and has the primary regulatory responsibility for dealing with failed banks.
The PRA is the prudential regulator for banks, and the FCA regulates banks’ conduct. The PRA has a statutory objective to promote the safety and soundness of the institutions it regulates, with a view to ensuring the stability of the UK financial system. The FCA’s strategic objective is to ensure that the UK’s financial markets function well. The FCA is responsible for regulating a wide variety of regulated firms and activities, including investment services, payment services, retail lending and insurance distribution.
The BoE also operates a Financial Policy Committee, which is the UK’s macro-prudential regulator responsible for the regulation of the broader UK financial system from a macro-economic perspective. The Financial Policy Committee has power to make recommendations to the FCA and PRA in certain cases.
Section 19 of FSMA prohibits persons from carrying on regulated activities by way of business in the UK, unless duly authorised or exempt.
Regulated activities include deposit-taking. This is triggered if money received by way of deposit is lent to others, or if the conducting of any other activity of the person accepting the deposit is financed out of the capital of, or interest on, money received by way of deposit.
Lending is generally not regulated in the UK, with the exception of various activities relating to home finance and consumer credit activity. A number of activities relating to derivatives, securities or fund units are also regulated activities, including dealing, advice, portfolio management and custody, as is insurance distribution.
The UK operates a universal banking regime, meaning that (with limited exceptions for ring-fenced banks) banks can obtain authorisation to conduct any financial services except for writing insurance and the management of funds (each of which is reserved to specific classes of regulated entity). A firm authorised for deposit-taking is also permitted to provide payment services and issue e-money.
Pre-IPCD, EU providers benefited from so-called "passporting" rights under various EU directives, enabling them to provide services or establish branches in the UK. Post-IPCD, passporting rights cease to apply and EU firms will require a UK licence in order to be able to continue to undertake regulated business in the UK (subject to a temporary permissions regime (known as the TPR), under which they are deemed authorised for a temporary period), or will need to operate outside the territorial scope of the UK regime.
A bank looking to establish itself in the UK must obtain authorisation by applying for a so-called Part 4A Permission under FSMA, which will permit it to take deposits and conduct any other regulated activities within the Permission. The application is made to the PRA and FCA (the PRA acts as lead regulator), and requires the submission of extensive and detailed information about the institution, including the completion of a permissions table that sets out in detail the permissions applied for (per type of activity and client type). It is advisable for the applicant to liaise with the PRA in the pre-application phase.
In addition to the application forms, an applicant firm must also provide the following:
The application will be reviewed by, and subject to the approval of, both the PRA and the FCA.
In reviewing an application for authorisation, the FCA and the PRA will assess the applicant against the threshold conditions for authorisation, which include the following requirements:
The PRA and FCA must make a decision on the suitability of the applicant within a six-month period beginning from the date on which they receive a completed application form. The regulators also have the power to request further information, which resets the start of the six-month period, meaning that the licensing period, in practice, can extend to up to a year.
The application fee is non-refundable regardless of the outcome; if successful, the bank must then pay an annual fee to either the FCA or the PRA, the cost of which varies based on what type of bank the applicant is looking to set up, and the revenue the bank generates. Retail consumer banks also need to pay fees levied by the Financial Ombudsman Service (FOS) and Financial Services Compensation Scheme (FSCS). Licences granted to banking institutions are theoretically indefinite, albeit with the caveat that the PRA has the power to suspend the licence at any point, as well as impose fines, where the bank fails to comply with the regulatory framework.
Under Section 178 of FSMA, any person intending to acquire or increase their level of control of a UK-headquartered bank must provide written notice of such to the PRA (no requirement applies to foreign banks with a UK branch). Prior to the acquisition taking place, the PRA requires a 60-day window to elapse, or approval to be given before the 60 days is up, before the transaction can be completed. In this context, the meaning of "control" is defined as shareholding and/or voting rights.
This requirement is triggered by the acquisition of a holding that equates to 10% or more of the total shareholding or voting rights in a UK-authorised person, or a parent of that authorised person, or share or voting power that would enable the exercise of significant influence over the authorised person. A person’s "control" includes indirectly held voting power and is aggregated with the control of another with whom he is acting in concert.
An increase in control is deemed to have occurred whenever the percentage shareholding or voting rights crosses the 20%, 30% or 50% threshold, or if the authorised person becomes a subsidiary as a result of the acquisition. Likewise, a reduction in shareholding or voting rights at those same thresholds triggers a reporting requirement to provide the PRA with written notice; failure to comply with either of these obligations is a criminal offence.
In assessing an application, the PRA will consider a number of factors, including:
There are no restrictions on the foreign ownership of banks in the United Kingdom, subject to applicable financial sanctions requirements at a UK, EU or United Nations level.
The Companies Act 2006 provides the general basis for the general duties of directors of UK companies. Regulated firms are subject to additional requirements, reflecting the need for high-quality governance in the banking sector.
The PRA Fundamental Rules and FCA Principles establish high-level standards with which banks must comply, designed to protect the interests of customers and the wider economy as a whole. In particular, the PRA Fundamental Rules include requirements that a firm must have effective risk strategies and risk management systems (Fundamental Rule 5), and that a firm must organise and control its affairs responsibly and effectively (Fundamental Rule 6). These high-level requirements are supplemented by the General Organisational Requirements Part of the PRA Rulebook, which implements a number of more detailed organisational requirements under the European regulatory framework under the revised Capital Requirements Directive (CRD IV) and Markets in Financial Instruments Directive (MiFID II). These include requirements for a robust governance framework, including a clear organisational structure with well-defined, transparent and consistent lines of responsibility, for effective processes to identify, manage, monitor and report risks, and internal control mechanisms, and for the management body to define, oversee and be accountable for the implementation of governance arrangements that ensure effective and prudent management.
The FCA and PRA rules are also supplemented by EU Delegated Regulation 2017/565 as regards organisational requirements and operating conditions for investment firms, which imposes more detailed requirements around the compliance, risk and internal audit functions, outsourcing and management of conflicts of interest.
Senior management and personnel are required to be not only sufficiently experienced in their field, but also of sufficiently good repute, in order to ensure the prudent and sound management of the bank. The bank must ensure that it has two employees who qualify as such, and that at least two of these individuals should be independent in their formulation of ideas and the bank’s policies.
Additionally, diversity must be taken into account when selecting management members; regulators must be notified of the composition of the management team, and changes made to it; management must have adequate access to information about the bank’s operations; and the effectiveness of the bank’s operations must be monitored and periodically assessed, with steps taken to remediate problems.
The UK framework includes added requirements for significant firms, such as obligations to have a separate chair and CEO, and to have separate board risk, nomination and remuneration committees.
Further requirements apply to UK banks that are UK listed or subject to the UK ring-fencing rules under the UK Corporate Governance Code’s principles of good governance, as overseen and maintained by the Financial Reporting Council.
The Senior Managers and Certification Regime (SMCR) was implemented in March 2016 in the wake of the financial crisis, as a response to a perceived lack of personal accountability amongst individuals working in the financial sector. The SMCR aims to encourage responsibility amongst employees at all levels, and to improve conduct and encourage clear demarcation of responsibility. The SMCR is broken up into three separate regimes.
The Senior Managers Regime (SMR) focuses on individuals performing defined senior management functions (including executives, the chief risk officer, the head of the finance function, the heads of key business areas and the head of compliance). They must obtain approval from the regulator to perform senior management functions at their firm, regardless of whether they are physically based in the UK or overseas. Firms must assess whether senior managers are fit and proper to perform their roles both at the outset (including by taking references) and thereafter. Senior managers are also subject to the "duty of responsibility", which requires them to take reasonable steps to prevent breaches of regulatory requirements in their area(s) of responsibility from occurring or continuing. Each regulator sets out a list of prescribed responsibilities that must be allocated among the senior managers, with the intent that senior managers are accountable to the regulators for those responsibilities. UK banks are also required to maintain a management responsibility map describing the firm’s management and governance arrangements, including reporting lines and the responsibilities of senior staff.
The Certification Regime focuses on individuals who are deemed by the regulator to pose a threat to the firm or its customers, by the nature of their role (certified persons). Examples of roles that are denoted as such include individuals who give investment advice, or bear responsibility for benchmarks. Certified persons are not "pre-approved" by the regulator, but instead their employers must seek certification that they are fit and proper both at the start of their employment (including by taking references) and annually on a rolling basis.
The Conduct Rules are high-level expectations of all staff involved in the running of the bank. They apply to senior managers, certified persons and almost all other employees of the firm, with the exception of those who perform ancillary functions.
UK remuneration requirements have been set in accordance with the EU provisions set out under CRD IV, subject to limited additional restrictions implemented following the financial crisis of 2008. The requirements are set out in remuneration codes of the PRA and FCA, and apply differently depending on the nature of the firm and its activities. UK banks are subject to both the PRA and FCA Remuneration Codes.
Groups in the UK must apply the Remuneration Codes to all their regulated and unregulated entities, regardless of their geographic location. Subsidiaries of UK banks in third countries must also apply the Remuneration Codes to all subgroup entities, including those based outside the UK. The Remuneration Codes also apply to UK branches of third country firms.
Some requirements of the Remuneration Codes apply universally to all employees, such as those limiting variable pay or termination payments, whereas others only apply to staff classified as “Code staff”. Code staff are employees who are either senior managers or "material risk takers", individuals engaged in control functions, and any individual whose total remuneration places them in the same remuneration bracket as senior managers. If an individual is classified as Code staff but satisfies the requirements for the "de minimis" concession, certain requirements of the Remuneration Codes can be relaxed. The de minimis concession is satisfied by an individual who has a total remuneration package that does not exceed GBP500,000 in a performance year, and where variable pay does not make up more than 33% of that total package.
Under the Remuneration Codes, various principles are applicable to an employee's pay ("remuneration", including all forms of salary and benefit payments, including in kind benefits). A bank must set an appropriate ratio between fixed and variable pay. The Remuneration Codes include bonus cap rules that cap variable pay at 100% of fixed remuneration (or 200% with shareholder approval). At least 50% of variable pay should be in equity, equity-linked or equivalent instruments, and at least 40% of variable pay (or 60% where variable pay is particularly high) must be deferred and vested over a period of three to seven years. Banks are also required to adjust non-vested deferred amounts to reflect outcomes.
Limits are also placed on guaranteed bonuses, which should be exceptional and limited to new staff, and on contract termination payments, to ensure these do not reward failure.
Finally, banks must also implement policies and procedures to ensure that Code staff do not engage in personal investment strategies that undermine the Remuneration Codes’ principles, such as insurance or hedging against the risk of performance adjustment.
The requirements in the Remuneration Codes are subject to a proportionality rule, which provides that when establishing and applying the total remuneration policies for its Code staff, a firm must comply with the requirements in a way and to an extent appropriate to its size and internal organisation, and the nature, scope and complexity of its activities. The expectations of the PRA and FCA regarding firms’ application of the proportionality rule is based on their "relevant total assets", divided into three levels. Level 1 is for firms with total assets exceeding GBP50 billion, averaged over three years. Level 1 firms will need to apply the Remuneration Codes in full, and are subject to an annual supervisory process that involves pre-approval of remuneration awards. Level 2 firms are those with total assets between GBP15 billion and GBP50 billion, averaged over three years. Firms at this level are also obliged to apply the rules in full, but will only be reviewed on a discretionary basis. Level 3 firms are those with less than GBP15 billion in total assets on average over a three-year period, and may dis-apply the "pay-out process rules" and the bonus cap as a result.
The UK is a member of the Financial Action Task Force (FATF), which is an international, intergovernmental task force (not a formal international body) set up and funded by the G7 and other members to combat money laundering and terrorist financing.
The primary legislation governing AML requirements in the UK is the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (the MLR). These are supported by extensive non-statutory guidance given by the Joint Money Laundering Steering Group, which sets out what is expected of banks and staff in relation to the prevention of money laundering and terrorist financing. The principal elements of the MLR are requirements to conduct risk assessments associated with money laundering and terrorist financing, and to apply risk-based customer due diligence policies, controls and procedures, calibrated to the type of customer, business relationship, product or transaction, and taking into account situations and products which by their nature can present a higher risk of money laundering or terrorist financing; these specifically include correspondent banking relationships, and business relationships and occasional transactions with politically exposed persons.
The FCA requires that firms give overall responsibility for the anti-money laundering operations of a firm to a director or senior manager, who is responsible for being aware of the money laundering risks and taking steps to effectively mitigate them. A Money Laundering Reporting Officer must also be appointed, as the keystone of the firm’s anti-money laundering procedures.
In January 2020, the UK government enacted the Money Laundering and Terrorist Financing (Amendment) Regulations 2019, which was the legislative instrument designed to implement the European Union’s Fifth Anti-Money Laundering Directive (5MLD). The UK, in fact, has opted to exceed the requirements set out under the EU legislation, as part of its push to maintain its role as a world-leading financial centre.
The updated regulations extended the scope of the persons subject to the MLR, extended the customer due diligence requirements, created bank account portals that can be accessed by financial intelligence units and national regulators, and created a system of registration for crypto-asset businesses.
FATF issued a statement in April 2020 discussing the impacts of COVID-19 on financial crime, and the increased risks emerging in particular areas. FATF particularly highlighted the risks of fraudulent investments and phishing scams during the pandemic period. FATF is also adjusting its expectations in relation to firms, if they are able to demonstrate a reduced risk of money laundering or terrorist financing. One such concession has been allowing simplified due diligence measures, alongside the postponement of mutual evaluations and follow-up assessment deadlines in high-risk jurisdictions.
The Financial Services Compensation Scheme (FSCS) is the UK compensation fund available to customers of a majority of UK financial services firms. Its purpose is to provide a backstop in case of the failure of a regulated financial institution, paying compensation up to certain limits when the institution in question in unable to pay claims against it, or is likely to become unable to do so. It is the UK’s depositor compensation scheme, but also covers other classes of regulated business, including insurance and investment business.
The failure of a bank, the insolvency of an insurer, or the provision of negligent advice causing loss to a consumer by a financial adviser are all examples of potential justified causes for making a claim for compensation. The extent to which a claimant will be compensated in the event of a successful claim varies depending on the nature of the claim.
The regulatory rules applicable to the FSCS’s depositor protection arrangements are largely set out in the Depositor Protection module of the PRA Handbook. This provides that the FSCS must pay compensation in respect of an eligible deposit with a defaulted UK bank or foreign bank with respect to its UK branch deposits. For protected deposits, including retail deposit accounts, compensation is capped at GBP85,000, subject to a higher cap of GBP1 million for certain temporary high balances (such as a balance associated with home sales and purchases). Certain classes of depositor are ineligible for compensation, including banks, investment firms, insurance undertakings, financial institutions and certain funds.
To support the need for the FSCS to be able to make rapid payout in respect of banks in default, the depositor protection rules are supplemented by extensive requirements to ensure that banks can provide the FSCS with the requisite information to make compensation payments. These are centred around the so-called Single Customer View, which is a dataset made available to the FSCS to enable it to identify clients and their claims in order to be able to identify and fund compensation payments.
The FSCS primarily operates under Part 15 of FSMA, which sets out the governance of the scheme, as well as the capacity of the FCA and PRA to make rules in relation to the FSCS. The scheme is officially managed by Financial Services Compensation Scheme Ltd, operating as a guarantee-limited company.
The scheme is principally funded via fees and levies charged to participating firms. These costs include the management expenses levy (broken up into yearly base cost running fees, and specific costs for particular funding classes) and the compensation costs levy, which is primarily a result of the costs incurred by the FSCS in paying out compensation.
Firms participating in the scheme are typically allocated into one or more funding classes, decided on the basis of the regulated activities they perform. The amount each firm is obliged to pay is based on which of these funding classes they have been placed in, up to a maximum amount per funding class each year. If a firm were to fail, and there was insufficient funding available from the other institutions in that funding class, the costs would be pooled across all the funding classes through a mechanism known as the FCA retail pool.
The UK does not have a specific statutory regime regulating banking secrecy, but instead relies on the common law duty of confidentiality between the customer and bank, borne from their contractual relationship. Common law provides that the bank has a duty of confidentiality to the customer, as an implicit term of the contract.
The duty of confidentiality from a bank to its customer broadly covers all information about the customer that is held by the bank. The case of Tournier v National Provincial and Union Bank (1924) established that the duty expressly covers the credit or debit balance of the customer’s account, all transactions made through the account, and the securities given in respect of the account.
This duty of confidentiality also extends beyond the lifetime of the account, continuing to apply after it is no longer active or even closed. It further extends to information that is held by the bank about the customer that is from a source other than the customer’s own account, if the acquisition of this information was an indirect result of the customer holding that account.
The bank’s duty to the customer is not absolute; there are a number of exceptions to the duty established in Tournier that allow a bank to divulge information in certain circumstances. Information may be disclosed by the bank if the customer has provided their express or implied consent to the disclosure, if the bank is legally compelled, if there is a public duty, or if the disclosure would protect the bank’s own interests.
If a customer has agreed, however, to express terms in their contractual relationship with the bank to permit disclosure in particular situations, then this agreement would take precedence over Tournier. Regulators also have some additional specific powers in relation to compelling bank disclosure; the FCA has statutory powers to require certain disclosures, as does HMRC (the UK’s tax authority) in respect of tax. Likewise, if there are reasonable grounds for suspicions of money laundering or terrorist financing, banks may be compelled to co-operate in providing information under AML and CTF legislation.
When the FCA or PRA requires a disclosure to be made by a bank to its investigators as part of an ongoing investigation, it is subject to a statutory obligation of confidentiality with respect to the information, subject to limited "gateways" permitting disclosure in certain circumstances.
As the duty of confidentiality is a common law regime, rather than a statutory one, a breach of contract or a breach of common law is the potential result of a bank failing to observe the customer's rights. The customer may seek an injunction, even pre-emptively, in order to prevent a breach, or to restrain or avoid a repetition of something previously disclosed. The customer may then also seek damages potentially for a breach of contract, presuming that there are express confidentiality provisions, or for a common law breach of the duty of confidentiality.
As a member of the G20, the UK has implemented the Basel Accord. The principal legislation implementing the Accord is CRD IV and the CRR, which apply the Accord to all banks and certain investment firms. The EU and UK are at an interim stage of implementing the Basel III package: a number of elements are still to be implemented in the UK, including the Fundamental Review of the Trading Book, the revisions to the Standardised Approach to risk-weighting, the Net Stable Funding Ratio, elements of the Leverage Ratio, changes to the large exposures regime, and changes to the treatment of exposures to funds and central counterparties.
All authorised banks are subject to PRA Rule 4, requiring institutions to hold and maintain adequate financial resources. UK banks are additionally subject to detailed risk management, capital and liquidity requirements that do not apply to non-UK banks, with the exception of some risk management requirements, which apply at branch level.
A bank must be able to identify, manage, monitor and report actual or potential risks through adequate risk management policies and procedures and risk assessments. Specific risks that a bank must plan for include credit risk, market risk and liquidity risk, but also less apparent sources of risk such as operational risk, residual risk, group risk and reputational risk.
A bank must establish and maintain an independent risk management function implementing its policies and procedures and reporting to or advising senior personnel accordingly. The risk control arrangements should (where appropriate considering the bank's size, nature and complexity) include a chief risk officer (CRO) and a board-level risk committee.
The CRO should, among other things, be accountable to the board, be fully independent of business units, have sufficient stature and authority to execute the responsibilities, and have unfettered access to any part of the bank's business that impacts its risk profile. The CRO is expected to report to the chief executive, chief finance officer or other executive directors.
A risk committee should be headed by a non-executive director and be composed mainly of non-executive directors. The risk committee oversees and challenges the bank's risk monitoring and management, and advises the board on risk strategy and oversight. A bank's internal control mechanisms and procedures must permit verification of its compliance with rules adopted under CRD IV and CRR at all times.
The CRR imposes capital requirements on UK banks in the form of risk-weighted asset and leverage requirements.
Risk-weighted asset capital requirements oblige a bank to maintain regulatory capital ratios by reference to a bank’s "total risk exposure amount", which weights the accounting value of a bank’s assets and credit exposures according to their potential to suffer loss.
Regulatory capital comprises Tier 1 capital (comprising Common Equity Tier 1 (equity) and Additional Tier 1 (equity-like hybrid capital instruments)) and Tier 2 capital (deeply subordinated debt). Common Equity Tier 1 capital is the highest quality capital, generally comprised of ordinary share capital and reserves. Additional Tier 1 capital is the next level of quality of capital, comprised of perpetual subordinated debt instruments or preference shares that must automatically be written down or converted into CET1 if the bank’s CET1 ratio falls below a specified level. In practice, the PRA generally expects that this level is at least 7%. Tier 2 capital is capital that is of an insufficient quality for CET1 or AT1, and is comprised of subordinated debt or capital instruments with an original maturity of at least five years, meeting specific criteria.
The Pillar 1 minimum capital requirements that currently apply to UK banks under CRD IV require the following:
These are supplemented by buffer requirements. Pillar 2A captures those risks against which banks must hold capital and that are not eligible under the Pillar 1 regime. This includes the combined buffer, formed of a capital conservation buffer of 2.5% of the total risk exposure amount, a countercyclical buffer (recently cut to 0% as part of the COVID-19 mitigation policies), a buffer for global and other systemically important institutions, and a systemic risk buffer for banks subject to UK ring-fencing requirements. Pillar 2B, or the PRA buffer, takes into account a bank’s ability to withstand severe stress, alongside perceived deficiencies in its risk management and governance framework, as well as any other information deemed relevant by the PRA.
In determining risk-weighted assets, the bank’s assets and liabilities are divided into the trading book and non-trading book. In determining capital requirements in the non-trading book, banks may follow the standardised or (with PRA approval) internal ratings-based approach. Capital requirements in the trading book comprise counterparty credit risk and market risk, position risk, equity risk, commodities risk, foreign exchange risk and risk associated with options and collective investment schemes. As with the non-trading book, the rules contemplate a variety of methods of calculating risk-weighted asset requirements. The risk-weighted asset requirement also includes a metric for operational risk.
Unlike the risk-weighted assets ratio, the leverage ratio is non-risk sensitive. The leverage ratio is not yet binding under the CRR, but the PRA has implemented the leverage ratio to be a binding metric in the UK for systemic UK banks, requiring that a bank’s Tier 1 capital exceed 3.25% of its total assets and off-balance sheet exposures. The PRA has also issued firm-specific countercyclical buffer and additional leverage ratio buffer requirements for such banks.
The Bank of England also regulates the minimum requirement for own funds and eligible liabilities (MREL) found in Directive 2014/59 on bank recovery and resolution (BRRD), and has also implemented the FSB’s standards on total loss-absorbing capacity (TLAC) through the MREL framework. The BoE has issued a policy statement establishing its approach to MREL. The quantum of the MREL requirement depends on the resolution strategy of any given bank, which in turn depends on its size and the nature of its activities. The largest UK banking groups are expected to issue MREL that broadly equate to either twice their risk-weighted asset or leverage capital requirements, whichever is higher.
All UK banks are subject to liquidity requirements implementing the Basel III liquidity coverage ratio, which came into force in January 2015. It is designed to ensure that banks hold a buffer of unencumbered, high-quality, liquid assets in order to meet modelled outflows in a 30-day stress test scenario. The presumption in this scenario is that the institution’s management will be able to take suitable actions to correct the course in that period.
High Quality Liquid Assets (HQLA) are cash or assets that can be converted into cash quickly with limited or no loss in value. An asset can be deemed an HQLA for the purposes of the liquidity requirements if it is unencumbered and meets the minimum liquidity criteria, and if the firm is able to demonstrate that it can be quickly converted into cash if required. HQLA are divided into Level 1 and Level 2 assets, based on their likely liquidity. Level 1 assets include only the most liquid – including cash – central bank reserves, and certain securities that have the backing of a sovereign government or a central bank.
There is no limit on the quantity of Level 1 assets a bank can hold, as these are preferable from a regulatory perspective. Level 2 assets include particular government securities, covered bonds, corporate debt securities and residential mortgage back securities. A firm must hold no more than 40% of its total liquid asset pool in Level 2 assets. Under the CRR, except for periods deemed to be crises, a UK bank must maintain a liquidity buffer equal to at least 100% of its anticipated net liquidity outflows over a 30-calendar day stress period – where the total net outflows must not exceed the total HQLA pool over the period of the stress testing upon the bank.
The requirements also compel UK banks to regularly report their liquidity data to the PRA, with retail funding reports and systems and control questionnaires being reported quarterly, marketable assets and funding concentration reports being reported monthly, mismatch reports and pricing data being reported weekly, and the underlying liquidity of the bank being reported daily. Liquidity requirements apply on a solo and consolidated basis. The PRA can waive the application of the requirements on a solo basis, but is unlikely to do so other than in relation to sub-groups of institutions authorised in the UK. UK banks are, therefore, generally not able to rely on liquidity from non-UK subsidiaries to satisfy UK liquidity requirements.
The UK has implemented the FSB Key Attributes of Effective Resolution Regimes. A bank incorporated in the United Kingdom may be wound up under the general insolvency law applicable to UK companies, or wound up or resolved under the special resolution regime (SRR) under the Banking Act 2009. The UK regulatory framework also provides for recovery and resolution planning to enhance the resilience and resolvability of UK banks and banking groups: the MREL requirement described under 8.1 Capital, Liquidity and Related Risk Control Requirements also supports resolution by ensuring that firms have sufficient capital or liabilities available for recapitalisation in resolution, where appropriate.
Banks have special protections from insolvency proceedings, with only the Bank of England, PRA or the Chancellor of the Exchequer able to apply for the court order required under Section 94 of the Banking Act. The application to the court would be made on the basis that the bank is either unable to pay its debts, or is likely to become unable to do so, and that the winding-up of the institution would be just and equitable. In order for the application to be made to the court in the first place, the PRA must be satisfied that the trigger conditions of failure or likely failure have been met, and the BoE must be satisfied that it is not reasonably likely that the situation will be reversed. Separately, the Chancellor of the Exchequer can apply on the grounds that the winding-up of the bank would be in the public interest.
Recovery and Resolution Planning
Consistent with the requirements of the BRRD, UK banks are required by the PRA to produce and maintain recovery plans, along with resolution packs, in order to reduce the risk that the failure of a UK bank could threaten the broader market or require government intervention in the form of taxpayer money being used for a bailout.
The PRA and BoE introduced a resolution assessment framework for major banks in 2019, which supplements the recovery and resolution framework by requiring banks to undertake an assessment of their resolvability, submit it to the PRA and publish a summary of the assessment thereafter. The initial reporting and disclosure dates under the framework have been deferred to October 2021 and June 2022 as a result of the COVID-19 crisis.
The SRR gives the UK authorities powers to resolve a failing bank (or banking group company). It consists of five stabilisation options:
It also includes a modified bank insolvency procedure that facilitates the FSCS in providing prompt payout to depositors or transfer of their accounts to another institution, and a bank administration procedure, for use where there has been a partial transfer of business from a failing bank.
The SRR tools may only be deployed where a bank is failing or likely to fail, where it is not reasonably likely that action will be taken that would result in the bank recovering, and where the exercise of resolution powers is in the public interest. In exercising the stabilisation powers, the resolution authority (generally the BoE, though temporary public ownership is reserved to HM Treasury) is required to have regard to a number of resolution objectives, including ensuring the continuity of banking services, depositor and client asset protection, financial stability and the need to avoid interfering with property rights.
On entry into resolution, the SRR requires the BoE to write down equity and write down or convert other capital instruments into common equity. The BoE has discretion to select the appropriate resolution tool to apply to resolve the bank. The main resolution tools are:
Nationalisation is also provided for within the SRR framework as a last resort.
The regime carries with it a number of ancillary powers to enable the transfer of property, to stay default and other rights, and to take other action supporting resolution. Because these potentially affect property and other rights, the framework includes a number of safeguards, including a “no creditor worse off” provision designed to ensure that creditors and other stakeholders in the process are no worse off as a result of the resolution than they would have been had the bank been put into liquidation at the point of the resolution.
Consistent with the BRRD, the UK insolvency framework includes depositor preferences. These prefer covered deposits (deposits protected by the FSCS). Eligible deposits (deposits by persons eligible for FSCS coverage over the FSCS limit), and deposits made by natural persons and micro, small and medium size enterprises that would be eligible deposits if they were taken in the UK are subordinate to covered deposits but rank ahead of other senior claims.
The United Kingdom officially left the European Union at 11pm on 31 January 2020, but for financial services regulation this milestone was more representative of the beginning of the process, rather than the end. The UK left the EU in name only, entering a transitional period in which virtually all of the existing rights and obligations that the UK benefitted from and observed as a Member State remained in place. This meant that the system of financial passporting continued to be available, the absence of which is one of the largest concerns for major UK and European financial institutions in the Brexit process. As it stands, the transition period is set to end on 31 December 2020, triggering the loss of passporting rights and the "onshoring" of the EU acquis into UK law. These are described in more detail in the UK Trends and Developments chapter.
Implementation of the EU Risk Reduction Package
The implementation process for EU regulatory reform under the so-called risk reduction package is ongoing, with a number of changes requiring implementation in late December 2020 under BRRD (BRRD2) and to CRD IV (CRD V) and CRR (CRR2) (implementing Basel III). Because these precede IP Completion Date, the UK government is implementing them in accordance with its EU law obligations. The changes cover governance, remuneration, buffers and reporting by branches of third country banks under CRD V, as well as a number of changes relating to recovery and resolution planning and related issues under BRRD2, some of which will lapse on IP Completion Date.
Future Financial Services Changes
Following exit, the UK will cease to implement or adopt new EU financial services legislation. The UK government also decided not to onshore "in flight" EU legislation – ie, EU legislation that has been passed but has not yet fallen due for implementation as at IP Completion Date. As it is common for major EU legislation to be implemented over a horizon of years, this means that the UK is inheriting swathes of unfinished legislation, which will need to be completed. Notably, this includes remaining changes under the EU risk reduction package as well as various markets regulatory changes. To fill this gap, the UK government has introduced a Financial Services Bill which will, among other things, provide regulatory powers to the PRA to revoke relevant parts of the CRR and make rules to implement the remaining Basel III changes. It is currently anticipated that the relevant changes will be implemented by year end 2021.
It is also suboptimal to operate a financial regulatory system based on inherited EU legislation. In acknowledgment of that suboptimal approach, HM Treasury has published a consultation paper on the financial services future regulatory framework review. The aim of the review is to examine how the UK should adapt its approach to regulation outside of the EU, building on the strengths of the existing UK framework. Central to the proposed approach is the adaptation of the regulatory model introduced by FSMA.
HM Treasury considers that the current FSMA regulatory framework, as adapted to address the regulatory failures of the 2008-09 financial crisis, continues to be appropriate. The consultation paper goes on to state that the framework resulting from the onshoring of retained EU law under the European Union (Withdrawal) Act 2018 (please see the UK Trends and Developments chapter of this guide for more detail) will not provide the optimal, long-term approach for UK regulation of financial services. Among other things, it highlights that maintaining this approach would lead to a fragmented rulebook, with regulatory requirements spread across a range of sources, including domestic and retained EU legislation, regulators' rules and onshored EU technical standards.
The proposals set out in the consultation paper seek to provide a clear-cut and coherent allocation of regulatory responsibility. The government and Parliament would set the policy framework for financial services and the strategic direction of financial services policy. Working within that framework, the regulators would design and implement the regulatory requirements that apply to firms, using their expertise and agile rule-making powers to ensure that the regulation is well designed and keeps pace with market developments. Enhanced scrutiny and public engagement arrangements would help to ensure that the regulators are accountable for their actions and stakeholders are fully engaged in the policy-making process. The consultation runs until the start of 2021, and the responses will help develop a final package of proposals that HM Treasury will consult on during 2021.
Running in parallel to HM Treasury’s consultation, the House of Commons Treasury Committee has also launched a new inquiry into the future of financial services in the UK after the Brexit transition period ends. Among other things, the Committee will examine how financial services regulations should be set and scrutinised by Parliament, and will consider the government's financial services priorities when it negotiates trade agreements with third countries. It will also consider how regulators are funded and the extent to which financial services regulation should be consumer-focused.
As if the prospect of Brexit had not caused sufficient strain on the financial services sector, 2020 has seen the COVID-19 virus shut down economic activity across the globe, and has brought with it an unprecedented change to modern working environments. In September 2020, the FCA published its annual report, three months later than usual owing to the circumstances of the pandemic, which highlighted the regulator's policy adjustments and guidance in the present circumstances.
The FCA outlined its five main priorities in its COVID-19 response, which were to support customers through the immediate crisis shock, to keep markets functioning and orderly during a major repricing event, to issue emergency guidance, to maintain public access to essential financial services, and to protect society's most vulnerable. For firms, the FCA introduced policies that allowed forbearance on best execution reporting, and extended deadlines around the upcoming implementation deadlines for the SMCR.
One Bishops Square
London E1 6AD
020 3088 0000www.allenovery.com
The UK stands on the threshold of the most major change to its financial markets in living memory. The UK officially left the European Union at 11pm on 31 January 2020 under the withdrawal agreement, under Article 50 of the Treaty on European Union (the Withdrawal Agreement), subject to a transitional period in which the UK has remained in the single market. The transitional period ends on 31 December 2020 (IP Completion Date), shortly after the time of writing, either with a free trade agreement agreed between the parties, or without. At that time, the UK will cease to be a member of the single market and – regardless of whether or not a free trade agreement is reached – the complex network of European single market rights upon which UK market participants rely to conduct business into the EU, and vice versa, will fall away. This has highly significant implications for firms conducting business across the English Channel (or Irish Sea) as, generally speaking in the UK and most EU Member States, conducting business without an appropriate licence or passport is often an offence.
UK and EU Access Post-Exit
From a regulatory perspective, the effect of the exit will be asymmetric. Since the Brexit vote, UK regulators have prepared a host of measures to alleviate the so-called "cliff-edge" effects of market participants ceasing to have single market rights. Notably, this has included providing for temporary permissions regimes for EEA firms, permitting them to continue to conduct regulated activities in the UK post-exit; providing relief permitting European financial products, including funds and securities, to be sold into the UK; and recognising most classes of European financial infrastructure, in order to enable UK market participants to have continued access to clearing and other market infrastructure. By contrast, the EU has taken only very limited steps to mitigate the effect of the exit: the UK’s clearing houses and central securities depositary are to benefit from temporary recognition to give EU participants continued access to them, but UK banks, investment firms, insurance companies and financial market infrastructure have no relief, making cross-border business from the UK off-limits in many cases. Some individual EEA states have also implemented their own transitional regimes in order to facilitate UK financial firms continuing to provide their services in those jurisdictions, but this is far from being a satisfactory solution for continued market access. This asymmetry has rendered international banks’ UK operations largely redundant as a means to access EU markets, and in turn has resulted in a rush on the part of UK and international financial institutions to create licensed subsidiaries in the EU – most typically in Germany, Ireland, France, Luxembourg or the Netherlands – or in a few cases to limit or close EU business.
A further bone of contention between the EU and UK is equivalence. The EU legislative framework confers preferential treatment on non-EU actors in a number of areas, based on the concept of equivalence. One might expect that the UK would be able to benefit from equivalence, starting from the position of an integrated regime for financial services with the EU. Such an expectation would fail to anticipate the use of equivalence as a political tool to further domestic interests. While the Political Declaration that accompanied the final Withdrawal Agreement envisaged that the UK and EU would "endeavour" to find an agreement on equivalence for financial services by 30 June 2020, that agreement has not eventuated. In August 2020 an executive vice-president of the European Commission, Valdis Dombrovskis, stated that Brussels was not sufficiently prepared to assess whether the UK qualifies for some pan-EU equivalence provisions, because the EU’s own regulations are uncertain. By contrast, the UK has generally granted equivalence with respect to EU market participants.
Onshoring EU Legislation into UK Law: Background
In addition to the loss of EU market access, UK banks and UK branches of international banks face considerable domestic legislative and regulatory upheaval as a result of Brexit. In advance of the agreement and ratification of the Withdrawal Agreement, to plan for the possibility that the UK could exit the EU without a Withdrawal Agreement (a hard Brexit), the UK government passed the European Union (Withdrawal) Act 2018 (EUWA) as a contingency measure. The principal purposes of the EUWA were to repeal the European Communities Act 1972 and to provide a functioning statute book from the date of exit from the EU (Exit Date) in order to ensure that legal certainty, continuity and stability would be retained as the UK exits the Single Market. Following the UK ratification of the Withdrawal Agreement, the EUWA was amended by the European Union (Withdrawal Agreement) Act 2020 (EUWAA) in order to enact the Withdrawal Agreement.
As amended, the EUWA performs a number of functions, including:
Absent further legislation, EU law would cease to apply in the UK upon the repeal of the ECA, leaving the UK without much of its legal framework. In order to avoid this consequence, the EUWA provides for the retention of most EU law as it stands on the IP Completion Date, by incorporating it as a freestanding body of domestic law. The EUWA also sets out rules that govern how onshored law can be modified or repealed, and by what type of conventional domestic legal instrument.
Making Onshored EU Law Fit for Purpose
It will be obvious that merely to "cut and paste" EU law into the UK statute book would not be workable: multiple changes would be needed – for example to eliminate single market rights, replace European with domestic bodies, and make consequential changes to references to EU law. To deal with this, Section 8 of the EUWA gives ministers of the Crown a power to make secondary legislation to deal with any failure of retained EU law to operate effectively or any other "deficiency" in retained EU law that would arise upon exit, and to sub-delegate the power to a public authority where it is best placed to deal with the deficiencies – for example, the Bank of England (BoE), the Prudential Regulation Authority (PRA) and/or the Financial Conduct Authority (FCA) (as applicable) in the context of financial services.
With respect to financial services regulation, responsibility for exercising the powers conferred by Section 8 falls to HM Treasury (HMT), which has made more than 70 statutory instruments (SIs) to “onshore” EU legislation in the financial services sector. In recognition of the role the UK regulators have historically played in shaping the EU’s binding technical standards (BTS), HMT delegated powers to amend the European regulatory technical standards (RTS), implementing technical standards (ITS) and delegated regulations to the FCA, BoE, PRA and/or the Payment Systems Regulator (PSR), subject to the oversight of HMT. The instruments which the regulators may use to correct deficiencies in existing BTS are called EU Exit Instruments. The regulators are also granted the power to make BTS in the future, which they will do by way of standards instruments. The FCA, PRA and BoE have each published numerous EU Exit Instruments to address their respective areas of responsibility.
Relief from Changed Legal and Regulatory Obligations
The approach taken by HMT to onshoring has been to treat EU market participants as third country participants under onshored law, reflecting the loss of single market rights and the EU treating UK market participants in the same way. Although the resultant changes made by the onshoring process are largely technical, they carry with them a host of potentially material changes for financial market participants – for example, risk weights of exposures of UK banks to EU banks would change. With industry wondering how to prepare for the potential change in obligations, HMT brought forward legislation to allow regulators to grant some flexibility in applying new legislative requirements under the EUWA. The power enables the UK regulators to amend the effect of the onshored EU legislative rule-set in order to provide temporary relief from changes to pre-exit practice.
This has been done in Part 7 of the Financial Services and Markets Act 2000 (Amendment) (EU Exit) Regulations 2019, which provides that the FCA, PRA and BoE may direct that “relevant obligations” are not to apply to particular entities or to apply in a different way, in each case for up to two years after the IP Completion Date. These directions provide for a "standstill" of relevant obligations, which for this purpose are obligations (as contained in an Act of Parliament or subordinate legislation) that begin to apply or apply differently in relation to which the regulator has responsibility for supervising or ensuring compliance. Each transitional contains a list of exclusions – these are obligations which the regulators expressly do not submit to a standstill.
The regulators have each communicated their intention to use their transitional powers broadly.
The PRA and FCA are expected to issue final forms of the transitional directions in late 2020.
"Must Do" Obligations and General Relief
In February 2019 the FCA issued a statement indicating seven areas where it expected UK firms to take action in advance of a hard Brexit. The FCA’s exercise of its standstill powers at that time was (and remains) relatively narrow, with large numbers of legal changes not being within the scope of the standstill directions.
Following feedback from industry that the FCA’s approach left considerable uncertainty about UK firms’ obligations which were neither subject to standstill nor within the seven areas, on 1 October 2020 the FCA published an updated statement of its expectations for UK firms, setting out 13 areas in which the FCA considers it would be inconsistent with its statutory powers to use its transitional power and in respect of which it expects UK firms to be preparing to comply from the end of the Implementation Period (colloquially referred to as "must do" obligations). The statement provides that the FCA expects firms to undertake “reasonable steps to prepare to meet the new obligations by 31 December 2020.” The FCA went on to say that it would “not take a strict liability approach and [did] not intend to take enforcement action against UK Firms and other regulated entities for not meeting all requirements straight away, where there is evidence they have taken reasonable steps to prepare to meet the new obligations by 31 December 2020.”
Critically, the FCA has indicated that it will not require UK firms to implement other onshored substantive legal obligations for which it is responsible by year end; UK firms will have until March 2022 to implement these, except where non-compliance is found to give rise to “serious and foreseeable harm”. This effectively means that UK firms can defer the implementation of other legislative and regulatory changes that come into force on 1 January. This is referred to as "general relief".
However, even at this late stage, the FCA does not intend general relief to apply to those obligations that are subject to ongoing discussions over equivalence. HMT and FCA have provided equivalence or relief for the purposes of many of the areas of onshored law – but questions remain over the derivatives trading obligation (DTO) under the onshored Markets in Financial Instruments Regulation, in particular.
Where Does This Leave Firms?
The complexity of interpreting the onshoring process means that firms will need to prepare themselves adequately for the changes not just on the horizon, but in the immediate future. This will include needing to identify the relevant statutory instruments or exit instruments that act to onshore the legislation, understand the substantive and cumulative changes the relevant instrument makes, identify and assess how the transitional provisions affect timing and whether the relevant legislation contemplates equivalence decisions, and, where it does, track and assess whether HMT has made equivalence decisions.
Additionally, firms will need to track regulators’ standstill powers where regulators have joint standstill powers, and, where a standstill power applies prima facie, assess whether the exemptions to the standstill direction apply. The regulation of financial services covers a broad spectrum of legislation, and even firms with a seemingly narrow focus will need to be alert to changes across multiple subsectors.
UK regulated firms are largely resigned to, and prepared for, the loss of their single market rights, but operationalising new EU operations will still continue to give rise to short-term and medium-term challenges for many. The onshoring of EU legislation will run to a similar time horizon: firms face some short-term challenges immediately following the IP Completion Date as thousands of pages of EU financial services legislation change simultaneously, subject in large part to transitional relief. The real work will just have begun, however: the lapse of transitional relief in 2022 and wholesale changes to the onshored regulatory regime that are likely to be made in order to revitalise the UK sector will be more challenging.
One Bishops Square
London E1 6AD
020 3088 0000www.allenovery.com