What are the key changes that will be made by the Prudential Regulation Authority (PRA) following the implementation of the Markets in Financial Instruments Directive II (MiFID II)? Emma Radmore of Bond Dickinson comments on the PRA’s policy statement and final rules.
How is the PRA intending to transpose MiFID II?
In October 2016, the PRA published a policy statement (PS29/16) with final rules on how it intends to implement MiFID II into its Rulebook. The policy statement also includes feedback on responses to its consultation paper (CP9/16), which was published in March 2016.
How is the PRA changing its rules on passporting?
The changes relating to passporting are essentially mechanical, to adapt to the changes to the passporting process and required information that MiFID II imposes. The PRA will amend the passporting part of its rules to introduce new definitions from MiFID II—of an organised trading facility (OTF) and tied agent—and it has made a minor change to its glossary to reflect the definition of multilateral trading facility (MTF) in MiFID II rather than the current MiFID.
The amended rules set out in the PRA Rulebook: Passporting Instrument 2016 will require the following firms to comply with relevant MiFID II information requirements and submit the appropriate form mandated by regulatory and implementing technical standards (which have not yet been formally published at EU level):
- UK designated investment firms wishing to set up, change or terminate the operation of an EEA branch
- any UK firm wishing to use a tied agent in an EEA state where the firm does not already have a branch, or any UK firm changing the particulars of a tied agent
- UK designated investment firms wishing to provide cross-border services for the first time or making changes to the provision of cross-border services
- UK designated investment firms terminating the operation of a branch or ceasing the use of a tied agent
- credit institutions wishing to provide cross-border services through tied agents, making changes to the provision of cross-border services, or ceasing the use of a tied agent
- UK firms that operate an MTF or OTF and wish to provide or make changes to arrangements to facilitate access and trading by remote users and participants in other EEA states
Firms will also be required to submit the appropriate declaration to the PRA.
The PRA has published new forms for branch notification, cross-border services notification and the ‘declaration’.
How will the PRA implement the new requirements for algorithmic trading?
To implement the changes on algorithmic trading, the PRA has made a new instrument—the PRA Rulebook: CRR Firms: Algorithmic Trading Instrument 2016. This will apply to CRR firms that, as appropriate, engage in algorithmic trading or provide direct electronic access (DEA) to a trading venue. The rules are relatively short and require firms to:
- have in place effective systems and controls that are suitable to their business, to ensure their trading systems:
- are resilient and have sufficient capacity
- are subject to appropriate trading thresholds and limits, and
- prevent erroneous orders or the systems otherwise functioning in a way that may create or contribute to a disorderly market
- have in place effective business continuity arrangements to deal with any failure of trading systems and ensure the systems are fully tested and monitored
- make and keep the following records:
- description of their algorithmic trading strategies
- details of their system’s trading parameters or limits
- evidence that the strategies, parameters and limits are met
- details of firms’ approaches to testing their systems
- information, outcomes, and actions resulting from each test
- further relevant information
Firms providing DEA to a trading venue are required to:
- have in place systems and controls to assess and review the suitability of clients using DEA and prevent the clients from exceeding preset trading and credit thresholds
- have ‘appropriate’ systems and controls in place to prevent trading by clients that may create risks to the firm
- keep records of what systems and controls have been adopted, evidence they have been applied, and also of any other relevant matters
How does the policy statement differ from the consultation paper?
In terms of passporting, the PRA received no responses on its proposals, and so the final rules reflect a few minor drafting changes only. The PRA has also added a definition of ‘tied agent’, following the MiFID II definition.
On algorithmic trading, the PRA received only two responses, which asked, respectively, for clarification on the scope of the rules and for details on the record-keeping requirements. In its response, the PRA explained why the scope of its rules appears narrower than the draft rules the Financial Conduct Authority (FCA) is consulting on—which is primarily because the PRA-regulated community comprises firms with specific prudential business models only—that is, for these purposes, banks, building societies, and the small number of dual-regulated investment firms.
The PRA has made no changes to the scope of its rules. However, in response to comments on the proposed record keeping-requirements, it has decided to remove the requirement to keep records related to high frequency algorithmic trading in parallel to the FCA’s requirements. Where it does require records to be kept of testing firms’ systems, the new rules introduce more granularity. It has also amended one of the rules on DEA to reflect firms’ concerns that their systems and controls cannot ensure client activity does not create risks to the firm, but can only seek to prevent it (although the manner in which it has done this is unlikely to satisfy the respondent’s concerns).
How will the new rules change existing PRA practice?
The PRA did not really need to do all that much to its rules, as most of the pain of UK implementation will fall on the FCA. The PRA will clearly need to be aware of, and adjust its supervisory practices to accommodate, the changes the FCA will make to its rules, as well as to cater for the many parts of the MiFID II package (not just MiFIR but also certain level two regulations) that will be directly applicable to UK firms and will therefore operate alongside UK laws and regulation. The main risk is that there will be some duplication between the PRA and FCA in supervision of firms undertaking algorithmic trading or offering DEA. The PRA has clearly tried to keep its requirements at a high level, to capture only prudential issues that arise from this business, and its feedback on the responses to the consultation suggests it is sensitive to the potential for over-regulation in this area.
Do any of these rules go beyond what is required by MiFID II?
The PRA has decided that the rules should apply to algorithmic trading on non-EEA markets that would have been within the scope of MiFID II had it been located within the EEA. Its justification for doing so is that its prudential remit requires it to look at all activity undertaken by firms it regulates which has prudential implications, wherever that activity takes place. The PRA’s increased requirements for granularity in its record-keeping requirements for systems tests arguably goes beyond MiFID II as well, but the PRA says it is within its discretion to require them. It notes the requirements do not impose an additional burden on firms, and the purpose of the requirements is to make sure the PRA can get information that helps it in its prudential supervision.
What are the next steps?
The PRA has published the changes as ‘final rules’. It noted, though, that it will need to update its policy statement and potentially its rules when the final technical standards on the relevant MiFID II requirements are published in the Official Journal of the EU. At the moment, the European Commission has adopted the regulatory technical standards, so change is unlikely.
The PRA also plans some further consultations in this area, including on the scope of ‘further relevant information’ for purposes of the record-keeping requirements related to a firm’s algorithmic trading activity. The PRA agrees with respondents to the consultation that it would be helpful to set some parameters around what it would consider as relevant. The PRA also intends to consult on how it will apply the algorithmic trading rules to UK branches of third-country firms.
How should lawyers and their clients prepare for the proposed changes?
With minor exceptions only, firms must be compliant with MiFID II by 3 January 2018. All firms should by now have in place at least an agreed strategy for ensuring they plan properly for implementation—for some firms the changes will be more significant than others, and take longer to implement, but all firms will need to make changes even if some are essentially cosmetic. In terms of these particular rules, little is required right now for firms that passport, and they must merely note that any notifications relating to passports after MiFID II implementation will require the use of different forms. For firms that will be subject to the algorithmic trading part, the rules will require a review of systems and controls to ensure they are fit for purpose and appropriate records are being kept. However, firms will want to review this alongside the relevant FCA rules—but should not wait too long for the FCA to finalise its rules, as 2017 will see many new rules being finalised and firms will need to make and stick to a realistic timetable for implementation.
Interviewed by Lucy Karsten.
The views expressed by our Legal Analysis interviewees are not necessarily those of the proprietor.