Legal Updates

Delegation and Outsourcing

Suggested Action to be taken

The Central Bank reminds FMCs of the importance of appropriate oversight of any delegated or outsourced activities and notes that non-compliance with domestic outsourcing rules “carries a credible threat of enforcement”.

Following a significant increase in FMCs providing services to third party funds, the Report emphasises the importance of such FMC having appropriate capacity to take on additional business, to include oversight of delegates, while continuing to meet the expected standards of the Central Bank and ensuring the protection of investors.^[1]

Review and ensure compliance with the Central Bank’s Outsourcing Guidance.^[2]

In the case of FMC managing third party funds, monitor resourcing and expertise and increase same as business expands.

Sustainable Investing

Suggested Action to be taken

In the Report, the Central Bank notes that compliance with the requirements of the SDFR is essential so that investors can have trust in products being marketed as sustainable and that this is an area of specific focus for both the Central Bank and ESMA which will conduct a common supervisory action on sustainability later this year. The Central Bank notes that FMCs are required to integrate sustainability risks into the management of their funds, the conflicts of interest procedures and their risk management processes.

Review existing disclosures for “green”/”sustainable” funds to ensure that they comply with applicable requirements and to ensure that investors are in no way misled”.

Review existing procedures and disclosures to ensure that sustainability risks are appropriately integrated as required under applicable rules.

External Risk Environment

Suggested Action to be taken

Highly Leveraged Funds

The Report notes that highly leveraged funds were impacted most significantly by the recent fall in asset prices as a result of being subject to higher margin requirements. It also identifies highly leveraged Liability Driven Investment Funds as particularly vulnerable to UK fiscal policy announcements in September 2022.

Less Liquid Funds

The Report outlines that instruments such as high yield bonds can be difficult to manage in periods of increased market volatility as a result of being less liquid and of lower credit quality. The Central Bank warns FMCs that funds must remain vigilant in meeting redemption requests, in ensuring that the redemption frequency is closely related to underlying asset liquidity and that appropriate liquidity management tools are in place and used to ensure fair treatment of investors.

Sanctions

The Central Bank notes that FMCs must at all times be in compliance with sanctions relating to any impacted asset or investor. The Report notes that further sanctions affecting assets may result in a reduction of liquidity for Irish funds when seeking to dispose of impacted Russian assets.

Have an appropriate risk management framework in place to identify, manage and mitigate the potential risks arising from the use of leverage within a fund’s portfolio (including liquidity stresses which may result from increased margin calls.)

Ensure that redemption frequency is closely correlated to the underlying asset and that LMTs are available for use when required and utilised when appropriate.

Ensure that appropriate systems and controls are in place to identify relevant sanctioned instruments and individuals.

Market Conduct Risk Management

Suggested Action to be taken

Risk Identification and Assessment

The Central Bank reminds regulated firms of its expectations to fully embed market conduct risk frameworks into their organisational arrangements. The Report outlines that the Central Bank has “observed across a cohort of firms that the internal reporting of conduct risk does not adequately provide for the ongoing monitoring of the conduct risks to which a firm is exposed, thereby inhibiting effective senior management oversight and challenge.”

Hybrid-Working Environment

The Report highlights the potential for market abuse related conduct risks to be heightened as a result of the new hybrid-working environment which will be relevant across FMCs.

Where relevant, ensure that a robust framework is in place to appropriately identify and assess market conduct risk and to monitor and manage any identified risks

Ensure that policies, procedures, controls and a monitoring regime is in place which has been adapted for alternative working arrangements. Ensure communications are not taking place through unauthorised channels

Market Integrity

Suggested Action to be taken

Market Surveillance

The Report notes that firms with obligations under the Market Abuse Regulation (MAR) should recalibrate and improve market surveillance systems to consider all types of market abuse risks to which they are exposed.

Cancellation/Amendment of Orders

The Report notes that the potential for market abuse is increased by higher trading volumes, more automated trading processes and higher levels of order cancellation.

Reporting of Suspected Market Abuse

The Central Bank outlines in the Report that Suspicious Transaction and Order Reports (STORs) are an important tool in identifying potential instances of market abuse and highlights that the quality and number of STORs submitted by trading venues is of particular concern.

Inside Information

Ineffective frameworks and controls for the management of inside information and the maintenance of insider lists are called out within the Report.

Where relevant, ensure that appropriate transaction-monitoring systems, alerts systems and robust quality assurance processes are in place.

Where relevant, the Central Bank reminds FMCs to monitor all orders and trades, including cancelled and amended orders.

Where relevant, take action and submit a STOR to the Central Bank when a reasonable suspicion arises that the relevant conduct could constitute market abuse.

Where relevant, maintain robust frameworks and associated controls to comply with the provisions in MAR concerning inside information.

Cyber Security

Suggested Action to be taken

The Central Bank highlights that the frequency of cyber incidents impacting all financial sectors in Ireland increased significantly last year.

The Report points to the Digital Operational Resilience Act (DORA)^[3], as an important upcoming “regulatory milestone” in the context of cybersecurity risks. DORA will introduce new rules which FMC will be required to comply with in the area of Information and Communications Technology (ICT) risk management.

Having regard to applicable Central Bank guidance and DORA, ensure that appropriate governance frameworks and tools are in place to identify, measure, manage, monitor and report ICT/cybersecurity risks to ensure that the FMC is made more resilient to possible disruption from cyber and operational risks.^[4]

Guidance and to take steps, among other factors, to ensure that; (i) appropriate procedures and controls are in place to identify and minimise sources of information security risk; and (ii) critical business services are identified and made more resilient to possible disruption from cyber and operational risks.

Data Quality

Suggested Action to be taken

The Report highlights that data is a key element of the Central Bank’s supervisory approach[5] and that precise, comprehensive and consistent data submissions are critical to the Central Bank in fulfilling its supervisory responsibilities.

The Central Bank notes “Whilst there have been notable improvements in the quality of data reported for some datasets, we continue to see data quality issues in a number of key areas.”

Failure to engage promptly with the Central Bank where issues arise may result in “supervisory intervention up to and including enforcement action”.

Ensure that accurate data is submitted to the Central Bank on a timely basis.

Have appropriate escalation channels in place to address any data issues which are identified and engage with the Central Bank promptly where issues arise.

Have appropriate oversight of data reporting from board level down (including where data reporting is outsourced).

Digital Innovation

Suggested Action to be taken

New Technology

The Report acknowledges the benefits of technological developments but highlights that the developments may also give rise to risks. The Central Bank warns FMCs to carefully manage the use of new technologies and operational changes to ensure that safeguards and investor protection are maintained.

Crypto Assets

The Central Bank notes that its position, that it is highly unlikely to approve a UCITS or Retail Investor AIF proposing any direct or indirect exposure to crypto assets, is under review and will be informed by European regulatory discussions on the topic.

Implement and maintain governance, cybersecurity, privacy, product and operational risk frameworks to support the identification, mitigation and management of risks arising from the implementation of new technologies.