What are the key regulatory developments to keep an eye on in H1?

H1

As we approach the end of the second month of 2024, the direction of regulatory developments is beginning to take shape. What can we expect to see in the first half of 2024?

In the view of Stacey English, director of regulatory intelligence at Theta Lake, despite the relative youth of the year the sector has already seen both the SEC and FINRA update their expectations on communications compliance.

She remarked, “This sets the stage for the first half of the year.  Firms need to be under no illusions – recordkeeping is, and will remain, a key regulatory focus.”

English also emphasised that despite penalties already exceeding $2.6bn for unmonitored channels, it’s clear that fines for recordkeeping failures are not over.  Theta Lake’s independent survey of over 600 firms revealed that 74% believe staff are still using unmonitored communications.

Relating to this, regulators have said the penalties will even be higher because they’ve given warnings so firms should be on notice. “Despite the enforcement headlines focusing on WhatsApp and a small percentage of staff trying to evade oversight, it’s actually a much wider problem where staff are using unmonitored methods just to do their job efficiently,” said English.

Theta Lake recently found that 68% of firms disable core features across their approved platforms like Zoom, Microsoft Teams and Cisco Webex, because existing compliance tools can’t effectively capture them and/or make them searchable for detecting and reporting risks.

According to English, this is driving staff to alternative unapproved methods to communicate. “We’re helping firms make sure they can capture all the different tools and channels like email, chat, whiteboards, video, alongside all the contextual information like emojis and reactions, and then be able to search and retrieve those records, so they able to turn features on and staff aren’t driven to alternative unmonitored methods.”

In the view of the regulatory intelligence director, this unrelenting regulatory focus is why the industry sees communications compliance take centre stage in boardrooms.

“We know the vast majority of firms are revisiting their communications compliance and we’ve seen firms themselves starting to take action against individual staff with clawbacks in bonuses, demotions and even dismissals. It’s only a matter of time before regulators take action too if their warnings aren’t heeded. So the whole issue of communications compliance needs to be assessed urgently at the highest level before the regulators come in and mandate a review.”

There will also be a widening focus from regulators in the first half of 2024. English said  the billions of dollars in fines imposed in the last couple of years were mostly for a failure to capture communications.

However, the issue to watch out for in her view is whether those records are complete and whether those records can be retrieved.  “There are already signs that some regulators are widening the supervisory net and imposing penalties for wrongly deleted data, an inability to find data.

“We know firms are struggling with this. 74% of firms told us that they are facing challenges in searching and retrieving communications.  So proof that all communication records from all the different platforms and modalities have been captured is something firms are asking for because regulators want to see it, otherwise oversight is ineffective. Thankfully solutions like Theta Lake that are built for modern unified communications provide that reconciliation of records, giving both firms and regulators assurance that records are complete,” said English.

Looking towards the horizon, Generative AI is continuing to grow in stature and reach and 2024 will be no different for the technology. English belives GenAI will grow considerably as it starts to deliver substantial cost savings and productivity gains – whether that’s summarizing conversations or creating content.

She added, “FINRA has highlighted artificial intelligence as an emerging risk, warning firms to be mindful of how these technologies may impact compliance with their regulatory obligations, including books and records, customer information protection and supervision. What we do know is that the wider use of generative AI will create more content and communications with requirements for retention, search and supervision.”

Restriction and harmonisation 

Elsewhere in the financial sector, Muinmos CEO and founder Remonda Kirketerp-Møller identified four key areas to watch out for in H1.

Firstly, there will be clearer guidelines on the MiCA regulation. She said, “MiCA is currently occupying the industry including regulators across the world and we expect to see more ESMA Guidelines on MiCA, applying learnings from “good old MiFID II” – such as ESMA’s Latest Draft Guidelines from 29 January 2024, regarding ‘reverse solicitation’ and the ‘qualification of crypto-assets as financial instruments’.”

In other areas, there will be more cross-border restrictions – with the Muinmos CEO stating that there will likely be further restrictions on cross border application/ restriction as the industry saw last year with SVG, Spain and other places, and redefining third countries and equivalence in the EU.

Kirketerp-Møller stated the EU and beyond are also seeing the need for forward harmonization across borders, as evidenced by the latest removal of the 3ZA list in the UK, and the EU Parliament’s Committee statement on better data sharing and less red tape in reporting.

She concluded, “Throughout 2023, regulators put a great deal of effort into defining what constitutes as legitimate and non-legitimate communication with clients and potential clients, in terms of both channels of communication and content. For example, what constitutes marketing, and what type of marketing is allowed. We believe this trend will continue. For example, see FCA’s guidelines from 30 January 2024 about ‘flying’ and ‘printing’.”

Politics and AI

One of the biggest imprints left in the financial sector last year was the rise of AI and how it disrupted the system.

Saifr stated that last year, AI’s regulatory priorities and ethical obligations dominated discussions; but 2024 could be the year of more tangible AI regulations. “What is unclear is if we will see regulatory action or just political posturing? I think a mix of the two is most likely,” said Saifr.

AI entered the political conversation in the US in 2023, but it was not just discussion, according to the RegTech firm. There was also some action, Saifr stated, culminating in President Biden’s Executive Order on AI at the end of October—a directive calling for more transparency and new standards.

Saifr said, “Politics is at play here too. The Republican focus is not on intensified regulation, while Democratic plans seem based on more regulation and control. But that view can be seen as over simplified. So, it is hard to say what will exactly happen, but it seems that some form of regulation is likely and could align to each industry.

“As a result, I think firms can be cautiously optimistic when dealing with AI-based companies and should pay particular attention to controls that help manage risk and offer transparency.”

The firm added, “2024 is also an election year, so we could, in theory, see more directive action toward the end of the year or in 2025 depending on the new President and administration’s interpretation of the Executive Order. But it really depends on who will be president and how much they want to regulate or deregulate this area.”

EMIR-REFIT revision 

Another area the financial sector can’t sleep on this first half year is the EMIR-REFIT revision associated with the revised derivatives reporting requirements under EMIR-REFIT.

MAPFinTech head of operations Christodoulos Mouskos explained that in the EU during H1 2024 (end of April 2024) we will have the launch of the revised derivatives reporting requirements under EMIR-REFIT.

“The new reporting rules introduce a host of new data elements, such as the concept of collateral haircuts based on Risk Management considerations, identifiers for crypto assets, and the incorporation of a globally endorsed Unique Product Identifier, as well as mandating that all reports are submitted using XMLs. Moreover, additional data points will become subject to matching/reconciliation for the so-called double-sided reports.”

In the view of Mouskos, the new ruleset – while it has been adequately fleshed out by ESMA and IOSCO-CPMI’s publishing guidelines, reports and the XML schemata – is expected to cause a few hiccups especially during launch and during the immediate short term.

He said, “Reporting parties will discover inconsistencies and/or weaknesses in the ruleset when they begin submitting the new reports. The reporting parties will need to inform their respective TRs of these issues and the TRs in turn will liaise with ESMA to find interim or permanent solutions such as e.g. issuing new guidelines, amending validations or adjusting the XML schemata.

“Moreover, many TRs have created sandbox testing environments for the new ruleset urging their users to start test submitting reports to identify issues and iron out kinks before the new rules kick in on the 29th of April 2024.”

Crypto bracing for regulation 
As cryptocurrency continues to bake itself into the financial system, the sector can expect to see greater regulator as the market becomes increasingly professionalized. Chor Teh, financial crime compliance industry practice lead at Moody’s Analytics, said that crypto will likely become increasingly professionalised in the first half of the year, and the industry is already seeing regulators prepare for this with the FCA previously launching and closing its consultation on stablecoins.
Teh mentioned that alongside crypto, fintechs will increasingly have to prepare for other cross-border regulation due to come into force.
He said, “For example, there is now only a year to comply with the EU’s Digital Operations Resilience Act (DORA), which will apply from January 17th 2025, and Fintechs will be using H1 2024 to implement IT risk management solutions that help them adhere to the upcoming regulation.”