Governance, risk, and compliance professionals at financial services firms are preparing for a bumpy ride in 2022, as tectonic regulatory plates shift within a rapidly evolving operating environment. As regulators and firms emerge from the COVID-19 pandemic, which dominated the agenda for the past two years, there is catching up to do and new list of priorities. We outline what FCA and SEC registered firms need to prioritise in the months ahead.

Gensler, Brexit and Boris

It is unlikely that the UK will be offered EU equivalence soon, as long as the disagreement over the Northern Ireland protocol continues. The UK FCA is moving ahead with adjusting the EU regulations it onshored post-Brexit to better suit the UK market, with a substantial focus on ensuring the regulatory requirements are proportional to the risks. Meanwhile, the EU is moving forward with its legislative agenda, such as AIFMD II, which was published as a legislative proposal in November and is working its way through the European Parliament now. In the UK, firms can expect more tinkering with elements of EU rules, but probably not any major divergences – such as a rewriting of GDPR – in the near future.

In the US, the appointment of Gary Gensler as chairman of the SEC has led to the most ambitious regulatory change agenda that had been seen for some time. Firms are concerned about this, and more than 60% in the survey said that US rule changes were their biggest concern in terms of their compliance programme. For example, the SEC has proposed sweeping rule changes for private fund sponsors that will have an impact on non-US advisors as well. The SEC has also issued proposals for additional data to be captured on Form PF from private fund sponsors. There are other new rules or rule changes that are expected from the SEC, too, some of which are discussed later in this article.

The marketing maze – SEC Marketing Rules and the ESMA guidelines on marketing communications

Recently the US, UK, and EU have all been introducing new rules that may make it harder for firms to market funds across borders. For example, the US SEC adopted new marketing rules in November 2021, and there are some significant areas where fund sponsors will need to make changes before November 2022, such as around hypothetical performance, and the use of track records when a sponsor is spun off. Firms need to not only be aware of these rule changes and ensure they are fully compliant by the deadline, but also to make sure that relevant staff members are aligned around these changes because they impact the solicitation of investors in general.

Firms should also ensure they are compliant with ESMA’s Guidelines on Marketing Communications, which in some ways are quite similar to the SEC’s rules – it would be worth setting up a single project to tackle compliance with both. The new rules entail many changes – for example, they require firms to adopt a more retail style of communication for engagement with professional or institutional investors, particularly around performance information. ACA is finding that many firms were previously unaware of these changes, and so it’s not a surprise that in the event survey, nearly 24% of respondents said that marketing and navigating access to EU markets will be their primary compliance focus in 2022.

Boarding the ESG train

The EU is the furthest along in developing its ESG regulatory regime, but the UK is catching up fast. For example, in December 2021, the FCA published a policy statement that requires firms to disclose how they consider climate-related risks in their investments and funds. Now, the US is coming along too. Across the board, the focus seems to be on disclosure-based regimes, and so in the US it’s likely that public company disclosure rules are likely to be issued first, followed by rules for advisors. US SEC examiners are very much focused on ESG today – they have conducted ESG exam sweeps and issued risk alerts about issues they have identified in those exam sweeps. So, firms based in the US or marketing into the US should make sure that any ESG disclosures to investors are consistent with and align with their practices. They should also make sure that an actual policy is in place if they discuss a sponsor’s ESG policy or ESG considerations in deal-making activity. In summary, firms should make sure that any ESG marketing claims are backed up.

In general, firms need to make sure that their ESG marketing messages align with what is happening in reality in a particular investment or fund. They also need to be sure that the marketing messages are in compliance with the policies of a particular jurisdiction.

The first few months of the IFPR and the MiFIDPRU remuneration code

The Investment Firms Prudential Regime has been in place for just a few months now, so firms are still getting to grips with some aspects of it. Many firms had to work hard to meet the deadline, and so now is the time for those firms to go back over their Internal capital adequacy and risk assessment (ICARA) to ensure that all the inputs are true and accurate. Firms should also make sure their wind-down plan has been approved by the board. The FCA is expecting to see well-considered risk mitigation in the wind-down plan.

For the MiFID remuneration requirements, there are elements that firms will need to be careful of. For example, remuneration disclosure rules may mean that most firms won’t have to publish these details until well into 2023, but firms should consider what is disclosed in other regulatory documents, and the possibility that with triangulation it may be feasible to figure out what specific individuals have been paid. Firms will want to consider carefully how they organise themselves, for example, who gets caught up within the material risk taker category.

Electronic communications – Don’t shoot the messenger

As a result of the pandemic, at many firms home working is becoming the rule rather than the exception. The UK FCA has made it clear that it still expects both individuals and firms to be compliant with requirements to store and monitor electronic communications. It’s important to remind staff that work devices should only be used for work purposes, and that communications on those devices are not private. Firms should also make sure that their e-comms surveillance is up to speed – that the right terms are in the lexicon, and that trade surveillance models are structured for the kind of business the firm does. Lastly, make sure that policies have been updated to reflect the work from home trend, so that remote working is no longer considered an exceptional circumstance.

Other issues ACA encounters regularly include the use of encrypted messaging platforms to chat with clients, such as WhatsApp. Sometimes employees believe that because a messaging platform is encrypted, their messages within that app are not disclosable during a regulatory investigation – this is something they need to be disabused of. Firms should also think about whether they are recording investment committee meetings taking place on Teams or Zoom. For in-person meetings, firms usually produce minutes that document what they want to record from that meeting. Now, regulators may be asking why meetings that take place on a Teams or Zoom platform are not being recorded in full.

To meet all these demands, compliance teams will need to think strategically about how they approach them. For example, are there places where technology could automate processes, reducing workloads, lowering costs, and making those processes more efficient? Or are there compliance activities that could be outsourced, such as marketing approvals? By thinking outside the box in terms of meeting these challenges, compliance teams can achieve their goals and ensure the firm continues to meet its regulatory obligations.

An inspector calls – SEC and FCA visits

In the US, the pace of SEC examinations has remained consistent at around 12-15% of advisers within the SEC’s jurisdiction, and that rate should continue into the immediate future. Key issues in these examinations include:

• Conflicts of interest, and specifically in private markets, conflicts related to allocation of investment opportunities; multiple clients or multiple companies investing in the same portfolio company; financial relationships between investors and limited partners; and adviser or sponsor conflicts.
• Valuation practices and consideration around whether valuation practices are consistent with valuation policies.
• The monitoring of board deal fees or fee offsets.
• The use of complex codes of ethics or policies around the prevention of the use of material nonpublic information.
• Generally, disclosures that are inconsistent with the underlying facts, particularly around ESG products and about the track record of a product.
• The use of hedge clauses that purport to limit an adviser’s liability.

It’s clear that firms can no longer manage the governance, risk and compliance (GRC) burden on a project-to-project basis, throwing bodies and spreadsheets at a deadline and then moving on. Rather, GRC teams need to think about these changes strategically, and encourage their organisations to do so as well. By taking a more holistic view of the demands that they are being placed under, and employing technology, not only can costs be reduced but the resultant enhanced efficiency will provide the opportunity to allow the expertise of real people to focus on their expertise the high value matters, staff development, retention, and risk mitigation.

The content and survey findings in this article are based on a recent panel discussion and polls that took place during ACA Group’s annual conference for firms with a  European presence, Regulatory Horizon 2022: Preparing for the Challenges of Tomorrow conference. Here Ruth and Roxy from ACA Group were joined by Marian Grace Fowler, Partner, Investment Funds Regulatory Solutions Group, Kirkland & Ellis, and Phil Bartram, Partner, Financial Services & Markets Department, Travers Smith. All write-ups from the event can be found in a complimentary whitepaper.