Welcome to The MPAC Group, the UK's leading corporate compliance and regulatory advisory firm.

We have achieved this respect by working closely with our clients to meet their corporate regulatory, financial or legal obligations.

We believe client satisfaction is a function of people, solutions and delivery. At MPAC, our team of experts is comprised of experienced compliance officers, money laundering reporting officers (MLROs), senior regulators, qualified actuaries, lawyers and accountants from the financial sector delivering a wide array of services targeted to help our clients navigate through various corporate landscapes. Please take a look at how MPAC can help your business grow.

Attend our "Roles of Compliance Officer,
and Money Laundering Reporting Officer Workshop".

Attend our "Client Money and Assets Workshop"


Crypto Ban

The FCA is launching a consultation (CP 19/22) on whether to ban the sale of all crypto derivatives and exchange-traded notes to retail consumers, which brings them into line with ESMA's growing crackdown on retail CFDs. According to the FCA's research, it will apparently save consumers between £75m-£234.3million of lost investments a year. However, even the FCA acknowledges that the ban will push consumers to use unregulated firms which may well be in overseas jurisdictions where their investments will be utterly unprotected; so the supposed savings are likely an overestimate as any such monies remitted to the bogus brokers, funds etc will be lost but, in these cases, the FCA won't be seen to be responsible. . The crypto industry has criticised the FCA's their unnecessarily heavy- handed approach and their early dismissal of any alternative methods of regulating the new asset classes. MPAC Group will be responding to the consultation on our own behalf and on behalf of certain clients

Should you need any additional information, advice or assistance, please do not hesitate to contact us on +44 (0) 20 3056 0956 or email us on info@mpacgroup.co.uk

SMCR - is your firm ready?

The Senior Managers and Certification Regime ("SMCR") will replace the Approved Persons Regime on 9th December 2019 for all firms regulated solely by the FCA under FSMA. It has already been rolled out to banking firms and insurers. It is all part of the FCA's drive to increase the accountability of the individuals working in these firms following the various conduct scandals that rocked the UK banking sector after the 2008 financial crisis (such as LIBOR manipulation and PPI mis-selling). SMCR is underpinned by three key pillars that firms must abide by:

  • the Senior Managers Regime;
  • the Certification Regime; and
  • the Conduct Rules.

The FCA has, however, taken a proportionate approach to the extension of the SMCR rules by creating three classifications of firms:

  • Enhanced firms - where the requirements are similar to the banking SMCR rules;
  • Core firms - which applies to most firms that are neither "Enhanced" or "Limited"; and
  • Limited Scope firms - where light touch SMCR requirements are applied.

The majority of firms will be Core firms. For these firms, individuals holding Significant Influence Functions under the Approved Persons Regime will automatically be transferred to the Senior Managers Regime. They will become Senior Managers and will hold Senior Management Functions ("SMFs"). Senior Managers will require a "Statement of Responsibility" setting out their role and responsibilities.

Current CF30 function holders and certain other individuals, however, will not become Senior Managers. They will instead fall under the Certification Regime and will need to be assessed by firms themselves rather than being approved by the FCA. Firms will need to assess they are fit and proper and issue them with a certificate annually.

The Conduct Rules will replace the Principles for Approved Persons. All employees except ancillary staff, such as receptionists, switchboard operators, etc. will be bound by Individual Conduct Rules. Senior Managers will also be bound by an additional tier of Conduct Rules.>/p>

MPAC has developed an SMCR toolkit to provide firms with training, policies, templates and guidance to enable them to implement SMCR effectively. If you would like further guidance on SMCR or a discussion about how we can help, please don't hesitate to contact us on +44 (0) 20 3056 0956 or email us on info@mpacgroup.co.uk.

What Next for Crypto?

On 9th May 2019, the FCA published the Minutes of its Meeting of 28th March at which it considered the UK Government's proposed approach to crypto asset regulation and supervision.

It was noted that HM Treasury is consulting on the introduction of domestic legislation to implement an AML regime for certain crypto asset activities by January 2020. The Treasury is also proposing to include further provisions that would require the UK to meet the relevant FATF standards and has requested the FCA to take on supervision of the new regime. The Board Minutes reflected that the proposed new regime would introduce AML supervision for businesses that enable (1) crypto asset exchanges and (2) custodian wallet providers which store crypto assets for underlying clients. Depending upon the consultation's final outcome, it may also include other types of business models which facilitate exchange of one crypto asset for another, crypto asset ATMs and also possibly businesses enabling peer-to-peer exchange of crypto assets or the provision of wallets without arranging actual custody of such wallet. In essence, this is the Treasury proposing to "gold plate" 5 MLD and extend its reach which has been seen as controversial in certain parts of the market.The FCA Board also addressed the resourcing implications and the corresponding risks/issues associated with assuming these new supervisory responsibilities. As far as risks not covered by the regime itself are concerned e.g. technology and resilience requirements, financial promotions and consumer protections, the Board deliberated on whether communication alone was sufficient for managing such risks and whether it would be necessary to implement additional rules; further discussion on this topic was deemed to be necessary.

The Board agreed in principle that the FCA is prepared to act as AML supervisor for specified UK based crypto asset businesses provided this continues to be the Treasury's preferred approach following close of the consultation on 10th June 2019. This will be dependent on a comprehensive blueprint of the regime and development of the supervisory model and associated funding. The FCA also undertook to ongoing interaction with the sector pending the consultation outcome to shape design, and allow timely implementation, of the new regime. All EU Member States are required to implement 5MLD by 10th January 2020.

Any queries about crypto, contact us on +44 (0) 20 3056 0956 or email us on info@mpacgroup.co.uk

Securities Token Offering (STO)

It's what we have been talking and writing about for a long time now… a mainstream Security Token Offering (STO). The week saw the issue of a €100m debt issue by a subsidiary of Soc Gen Paris; fully subscribed by the bank itself. Actually it was a covered bond called an OFH (obligations de financement de l'habitat). The bank says it was a live, experimental issue to test the backend systems amongst other things. Interesting as to whether this will cause other major institutions to speed up their offerings, live and/or experimental?

The opportunities for the issuer to reduce operations costs are potentially significant and can also increase liquidity in such issues - so we watch the first OFH with interest. If you want to talk about how we can help in you launching your own STO or need help in being regulated in any way to participate in the new world order of distributed ledgers and crypto, please do contact us. We are working in many areas of this sector and be delighted to help.

Should you need any additional information, advice or assistance, please do not hesitate to contact us on +44 (0) 20 3056 0956 or email us on info@mpacgroup.co.uk

GDPR- What's in Store in the Regulatory Enforcement Backdrop?

The ICO published its Regulatory Action policy late last year, the high level guidance on how it will apply GDPR enforcement powers going forward. The ICO has said that it will update the Policy to reflect any amendments to legislation, including any implementation of an updated e-Privacy Regulation, which was anticipated to occur towards the end of this year/start of 2020; but this is dependent upon the final settlement between the EU and the UK post-Brexit being confirmed.

There have been no data breach penalties imposed under the new GDPR regime by the ICO as yet. However, recent enforcement actions and penalties in cases initiated under the 1998 DPA have resulted in maximum fines of £500,000 being imposed on Facebook and Equifax which indicate that the Commissioner will impose heavy fines under the new regime in the near future.

To put some context on this, in the case of Lloyd v Google LLC regarding a Safari workaround, the class of affected users was estimated at different times as comprising in the region of 4-5 million people; with a suggested tariff of £750 per claimant, Google's potential liability would be between £2-3 billion. In another action, CNIL (French Data Regulator) imposed €50m fine on Google as a result of users not giving informed consent; this is under appeal by Google. So these give some indication of the potentially significant fines and claims to come with the added dimension of specialist litigation funding coming into play in the large class actions.

Should you need any additional information, advice or assistance, please do not hesitate to contact us on +44 (0) 20 3056 0956 or email us on info@mpacgroup.co.uk

ESMA Q&A - MiFID II - Reverse Solicitation

ESMA has recently updated its Q&A on MiFID II and MiFIR investor protection and intermediaries. One of the key questions addressed is whether under Article 42 of MiFID II the reverse solicitation rule allows a firm, within the context of a one-off service to a client, which has sold/has had the opportunity to sell a product or service under this rule, to offer again products/services from the same category? The short answer is No. The reverse solicitation exemption is based on the proviso that the product/service is marketed at the client's own exclusive initiative and can only be applied to the specific/product service provided.

When a one-off investment service is provided to a client, the third country firm must not sell to that client (without establishing a branch as required under local law) a product/service from the same category, unless it is requested to do so by the client at its own exclusive initiative and only at the time that the client asks for an investment product/service.

In the course of a transaction, the firm may offer the client another product/service of the same category as the one requested by the client but not at a later stage- unless the client specifically requests it on its own initiative. So, for example, if the client contacts the third county firm to buy an equity, the firm could market other equities from the same stock exchange sector to the client. However, the firm would not be entitled to market additional equities to the client one month later- unless this was to be carried out via a branch.

Should you need any additional information, advice or assistance, please do not hesitate to contact us on +44 (0) 20 3056 0956 or email us on info@mpacgroup.co.uk

Ransomware - Regulatory Considerations

Traditionally, Ransomware was intended to generate money for the perpetrator with operational disruption a necessary bi-product. Payment of the ransom usually entailed obtaining a decryption key via which compromised files could be restored and the disruption mitigated. Newer iterations of Ransomware (e.g. Ryuk and LockerGoGa)have tended to maximise operational disruption rather than financial distortion and been more targeted and malicious to the affected entity as a whole. Ransomware as a Service (Raas) has been on the increase and offers broader access and a profit sharing model which aligns the interests of the developers and users who have acquired it.

From a regulatory perspective, this gives rise to the question of what qualifies as a "personal data breach" under GDPR ? The impact of the Ransomware attack could amount to a Confidentiality breach (unauthorised or accidental disclosure or access), an Integrity breach (unauthorised or accidental alteration) or an Availability breach (accidental or unauthorised loss of access or destruction). Notification to the supervisory authority (ICO) is required within 72 hours of becoming aware, unless the breach is unlikely to result in a risk to the rights and freedoms of individuals (Article 33 GDPR).

Regarding whether payment of a ransom is legal, in the case of Masefield AG v Amlin Corporate Member Ltd (The Bunga Melati Dua), the English Court of Appeal ruled that "there is no universal morality against the payment of ransom..and there is no evidence before the court of such payments being illegal anywhere in the world." Other considerations are whether the provisions of the Terrorism Act 2000 may apply and if there is reasonable cause to suspect that the ransom money will/may be used for the purposes of terrorism or if economic sanctions provisions are implicated.

Should you need any additional information, advice or assistance, please do not hesitate to contact us on +44 (0) 20 3056 0956 or email us on info@mpacgroup.co.uk

FCA Publishes Dear CEO Letter on its Expectations of Firms' Approvals of Financial Promotions

On 11th April 2019, the FCA published a Dear CEO letter outlining its expectations on how firms approve financial promotions. This Dear CEO letter follows the FCA's previous letter of 9th January 2019 to CEOs of all regulated firms which sought to remind firms of the importance of complying with the rules on financial promotions when authorising communications from unauthorised persons, in particular that promotions approved must be fair, clear and not misleading. Since then, the FCA has identified a number of examples where due diligence on financial promotions has fallen below the standard expected.

The FCA emphasised that if an authorised firm provides an "S21 approval" of a financial promotion issued by a firm that is not authorised or for a product that is not regulated, it will require the authorised firm to show that it has assessed the promotion is fair, clear and not misleading. COBS 4.2.4G outlines the factors that should be considered. Retail investments promising high returns through complex structures are particularly difficult to present in a manner consistent with these rules. The FCA drew on the promotion of mini-bonds and other unlisted securities as an example. Promotions involving such products to retail clients are typically restricted to high net worth individuals, sophisticated investors, or those who have confirmed they are not investing more than 10% of their assets in non-readily realisable securities in accordance with COBS 4.7.7R(3). The firm that approves or communicates such direct offer financial promotions has responsibility for ensuring this restriction and the rules on the appropriateness of the investment are complied with.

The FCA also sought to remind firms of the following rules on financial promotions:

  • COBS 4.10.2R(1) - Before a firm approves a financial promotion for communication by an unauthorised person, it must confirm that the financial promotion complies with the financial promotion rules;
  • COBS 4.10.2R(2) - If a firm becomes aware the financial promotion no longer complies with the rules, it must withdraw its approval;
  • COBS4.10.1G - A firm that communicates or approves a financial promotion must have put in place adequate systems and controls to comply with the financial promotion rules; and
  • COBS 4.5.2R(2) - Firms must ensure that information is accurate and always gives a fair indication of any relevant risks when referencing any potential benefits.

Should you need any additional information, advice or assistance, please do not hesitate to contact us on +44 (0) 20 3056 0956 or email us on info@mpacgroup.co.uk

Standard Chartered Bank Fined £102.2 million by the FCA for AML Failures

On 9th April 2019, the FCA published a Decision Notice (from 5th February 2019) issuing a fine to Standard Charted Bank ("SC") of £102,163,200 for anti-money laundering ("AML") breaches under the Money Laundering Regulations 2007 ("MLRs"). It is the second largest penalty for AML failings ever imposed by the FCA. The fine follows investigations into two of SC's higher risk business areas: its UK Wholesale Bank Correspondent Banking business and its branches in the United Arab Emirates ("UAE"). The FCA concluded that SC had failed to maintain appropriate risk-based policies and had failed to apply UK equivalent AML and counter-terrorist financing procedures in its UAE branches as required by the MLRs.

Moreover, the FCA investigations revealed failures in SC's internal assessments of the adequacy of its AML controls, its approach to identifying AML risks and escalation of such risks when identified. Examples of the failings that the FCA identified include:

  • opening an account with 3 million UAE Dirham in cash in a suitcase (just over £500,000) and failing to investigate properly the origin of funds; and
  • failing to conduct sufficient checks on a customer exporting a product that could have a military application.

The failings occurred in the UK Wholesale Bank Correspondent Banking business from November 2010 to July 2013 and in the UAE branches from November 2009 to December 2014. SC qualified for a 30% discount by accepting the FCA's findings, reducing the penalty from £145,947,500.

The full Decision Notice is available here.

MPAC is proud to be a member of the

Graduate Compliance Internship

The MPAC Group works closely with financial services providers to advise them on all aspects of their regulatory obligations. We provide retained and advisory compliance support to our clients, ranging from start-ups that require authorisation advice to established brokers, corporate finance advisers, electronic money institutions, payment services firms and asset managers

We are looking for an intern to assist and support members of the MPAC team on various client projects and tasks.

Click here for more information