What the Regulators are Brewing this Halloween

RFG is celebrating Halloween with a "treat" for those interested in our thoughts on impending regulation. Read on to see what's brewing in the regulatory cauldron...

While the structure of U.S. financial services regulation is now largely in place (and the focus is now shifting to enforcement), other regulatory efforts continue to boil. Looking in the crystal ball, and even with the possibility of Republican inroads in the upcoming elections, here is what we see being added to the mix:

Enough Hot Cybersecurity Risks to Keep the Cauldron Boiling: RFG has been focused on cybersecurity for the past few years. Now we are actively engaged in drafting cybersecurity incident response plans. Cyber-incident response plans need to accomplish two goals. One is to identify and remediate IT concerns. The other is to provide a firm governance structure so that when the inevitable cyber-attack occurs the firm will be positioned to respond promptly and will not overlook important considerations. Many of these requirements will come from states which are ramping up their rules on data privacy issues, as well as investors and service providers. Firms must not ignore international requirements. Both the Cayman Islands and the EU have existing and pending changes. In the EU, for example, a pending new directive gives authorities the power to fine companies for violations, up to the greater of €100 million or 5 percent of their annual global turnover.

All of this means that cybersecurity incident response plans need to be comprehensive with respect to the jurisdictions covered and to the types of incidents that they address. RFG can help you accomplish your goals.

A Pinch of Activity-based Regulations: The Financial Stability Oversight Council—the inter-agency team, spearheaded by the banking regulators, to identify and mitigate systemic risk to the U.S. financial system—has had its eye on the asset management industry for over a year now. Back in September 2013, the FSOC’s research unit produced a paper bringing potential issues to light, which was met with strong pushback from the industry. The FSOC continues to explore these risks, but has done so only behind the scenes in closed-door meetings so as to avoid more public outcry. Our expectation, which several regulators have hinted at, is that we won’t see firms become subject to full-scale prudential regulation by the FSOC solely because they are in the asset management industry. Rather the FSOC will take an “activity-based” approach to regulation and target specific practices that it views as risky (e.g., leverage, securities lending, etc.). These regulations could have a more direct impact on all firms engaging in these activities.

Two Pounds of EU Change: Up next in the EU is the Markets in Financial Instruments Directive II (MiFID II), which will come into effect by the end of 2016, although member states could implement it sooner. MiFID II will expand MiFID I, and reach investors and advisers that were not previously caught within the MiFID I framework. Also expect increased focus on, and substantial penalties as a result of, EU cybersecurity issues, which we discuss above. A Sprinkle of Gatekeeper Liability: The regulators are continuing to focus compliance enforcement efforts on lawyers, accountants, compliance officers and senior management—all seen as key decision makers when it comes to preventing a regulatory misstep. They are growing tired of the shenanigans they have seen in some banks and believe that a little blood from trusted advisors can provide the right balance in the stew. The upshot? Those who thrive in times of regulatory change will continue to have a feast.