ESMA MiFID II Compliance Consultation
ESMA launched another consultation recently (find it here), as part of its supervisory convergence work plan for 2019. The consultation is about certain aspects and requirements of the MiFID compliance function.
This particular supervisory convergence exercise is relevant not only to MiFID II authorised investment firms, but also UCITS management companies and third party AIFMs for what concerns the provisions of investment services and activities under the respective directives. This brief article will give some backdrop considerations on the consultation and concentrate on the guidelines proposed by ESMA for outsourcing the MiFID compliance function.
Broadening the Scope of MiFID Compliance Function
The compliance function always played a pivotal role in the organisational structure of MiFID authorised firms. As at today, the ESMA 2012 guidelines containing principles on the MiFID compliance function could have been considered the guiding principles (please find it here). The purpose of the current consultation is to replace these guidelines with new ones.
This is however far from saying that the objectives of the MiFID compliance function have changed. Rather, as it happened with the majority of recent second iterations of financial services regulations, the aim of the supervisory convergence exercise is to further detail and specify relevant rules as well as broaden their scope. In essence, MiFID II strengthened the existing compliance requirements and built additional requirements on the basis of the guidelines currently in place, without creating a new regime. In fact, on the one hand, MiFID II second level regulation incorporated the principles contained in the 2012 guidelines and, on the other, expanded the role of the MiFID compliance function.
The compliance function of MiFID authorised firms is now in charge of specific responsibilities under the product governance rules and requirements newly introduced with MiFID II. Also, it may take on the role of complaint management within authorised firms as well as act as advisor to the management body on remuneration policies.
Organisational Structure and Proportionality
As part of the provisions related to the conduct of business, MiFID II delegated regulation imposes both general organisational requirements on authorised firms, as well as compliance related requirements. With regards to the MiFID compliance function, firms will have to establish a governance framework made of policies and procedures aimed at detecting and mitigating any risk or actual failure of compliance with MiFID II.
The role assigned to the compliance function, as detailed further under MiFID II delegated regulation article 22 is mainly to a) monitor the effectiveness of the governance framework and ensure that deficiencies are promptly addressed; b) advice and assist in discharging the obligations under MiFID II by employees of the firm; c) report to the management body on implementation and effectiveness of the governance framework; and d) monitor the complaint handling process.
However, this very prescriptive framework introduced by MiFID II is all subject to the proportionality principle. This principle also applies in other cases under MiFID, like the product governance requirements. Accordingly, when discharging the various compliance tasks, like reporting on product governance arrangements for instance, those reports might be more high level or detailed depending on the type of product at issue.
Outsourcing the Compliance Function
In a plug and play world for financial services, where start up investment firms with little personnel are used to outsource the majority of their functions, compliance being the most frequent one, it is noteworthy to mention what the ESMA proposed guidelines on MiFID compliance function state on the point. The size of a firm and scope of activities and business is relevant for outsourcing the compliance function because there can be situations where an authorised firm is not in a position to employ compliance personnel independent from the services they monitor. In all those cases, outsourcing the MiFID compliance function is an obliged choice.
However, outsourcing does not mean waiving responsibility for the entire function. It comes with initial and ongoing obligations for authorised firms. ESMA guidelines in fact introduce a distinction between the compliance function and its tasks, on the one hand, and responsibility for the MiFID compliance function on the other.
Guideline 11 makes it clear that irrespective of whether a task or function is outsourced, the responsibility for the tasks outsourced remains fully with the authorised firm. At the same time, outsourcing does not mean ceding control on the outsourced tasks, which should always be retained by the firm even when outsourcing.
When outsourcing compliance tasks or functions, authorised firms have a set of initial and ongoing obligations. Firms will have to carry out due diligence when choosing an outsourced service provider for compliance in order to ensure not only that the service provider can meet the requirements of the directive, but that the same service provider has the necessary authority, resources and expertise to be able to carry out the tasks efficiently.
On an ongoing basis, authorised firms will have to monitor whether the service provider is performing its duties appropriately and the quality of the service provided. Where possible, a specific resource should be appointed within the authorised firm to monitor the activities and performance of the outsourced provider.
Conclusion
ESMA keeps on with its work programme on supervisory convergence. We can certainly agree that consistency in the application of the regulatory book on financial services will have positive effects on the supervision work of national authorities. Yet, irrespective of the waterfall of regulatory measures, we still witness failures of investment services firms at the expense of thousands of investors. Yet we wonder whether too much regulation is still the answer to the protection of the stability of markets and investors.