Mike: Welcome to our fifth episode in our special limited podcast series on FX Rules Changes in 2023. I'm Mike Cahill, head of video and podcast content for Sales Enablement at the London Stock Exchange Group. Our focus here is on European regulatory developments. We're talking with Chris Leonard Appleton, head of FX risk and Regulation. So, Chris, Europe has driven regulatory developments in financial services in recent years, in particular with MiFID two in 2018.
Mike: There's an ongoing MiFID review now. Are we facing a new MiFID 3?
Chris: I don't think we can characterize this as a MiFID three. So I think if we go back to 2010 when MiFID two was first proposed by the European Commission, what started off as a technical review turned into a full blown rewrite in response to the financial crisis and the Pittsburgh agreement in 2009.
Chris: I think it was now. So it was a big regulatory overhaul that had some pretty serious implications for much of the financial industry. So that's why you could justify the 1 to 2. I think what we're seeing now is more of a technical review with a clean up, if I can put it that way, because MiFID 2 changed a lot of stuff.
Chris: The lot the rules I don't think were entirely correct, if I can put it that way, or pragmatic. I think that's been noted by the Commission and by the European authorities. I think they want to fix that and I think they want to improve things. So that's really what we're seeing with the with the MiFID review this year.
Mike: So what can we expect to change as part of that review? Do you think the changes are positive or negative?
Chris: Well, I think for FX, there have been some very positive and pragmatic changes, in fact. So a couple of things which we have seen mooted are the removal of pre trade transparency requirements for RFQ invoice dealer platforms, which I think is to be very seriously welcomed.
Chris: And I think that generally aligns with what the UK is doing with its rewrite as well. We've also seen removal for the requirement for trading venues to publish execution quality reporting, which frankly speaking, required an awful lot of data to be published. None of it was really of much use. Nobody ever read it, and it took venues a lot of time to generate it.
Chris: So I think that's to be welcomed as well. And that also aligns with the UK. So I think where we see instances of regulatory convergence between the biggest jurisdictions, that's always to be welcomed because it just makes lives life simpler. So those are pragmatic. I think we're seeing a lot a number of other changes that have been proposed, not most notably with the consolidated tape.
Chris: And just to take it back back up a bit, we're very much at the point where the regulation is actually being agreed by the European Council, the European Commission and the European Parliament. So what tends to happen is those three parties put forward their own ideas and then they sort of come together in a trialogue session and agree on the final text.
Chris: So at the moment, what we're seeing is different ideas from those different institutions about what the consolidated tape would look like. Generally speaking, I think we're going to end up with a consolidated tape that will be mandated for particular asset classes. It remains to be seen whether it would just be post-trade data or pre trade data as well.
Chris: And I suspect that trading venues will have a mandatory requirement to give data to that provider at whatever a commercial model is agreed. So this has the potential to be quite fundamental to the way that our industry works and the way that data is disseminated. And it's certainly one that we're looking at quite closely elsewhere. Some of the changes that are occurring, notably in equities I think are probably quite sensible.
Chris: There's the move to converge, the double volume cap into one cap, which I think is probably sensible. It doesn't go as far as the UK, which hasn’t actually got rid of the double volume cap entirely. So there is a case of divergence that's occurring there between those two jurisdictions. And finally, we're seeing a proposed ban on the payment of order flow.
Chris: Now that could have some quite serious ramifications, particularly in the equity markets, notably where we occasionally, I can put it that way, see a lot of competition between the dealer brokers that use that and the venues who don't. So it would be interesting to see how that all pans out when those requirements go live.
Mike: You know, I want to interject a question here.
Mike: In the course of our discussion, something that occurs to me with all these different rules, changes and rules regimes that we've been talking about in the series of podcasts. Do they change just once a year, Chris, Or are there ongoing changes during the calendar year or whatever the year is when these new changes kick off.
Chris: Generally speaking, statutory changes of this nature-So MiFID is a is this is a piece of statute effectively, it's a level one text in Europe. Those texts have to be reviewed once every three years. So that's a it's a technical review that can then lead to a statutory change. So that's what we're seeing with MiFID at the moment. Away from that, what you tend to see is primary legislation being changed as a result of either a macro event. So the financial crisis is a is a very good example, case in point, or because you have a new administration come in with a new manifesto. So we occasionally see that in the US. I mean, in the US with financial role, you tend to see a lot more stability, if I'm honest. You see a lot more rule writing occurring by the CFTC in the SEC.
Chris: Then you will see primary legislation being promulgated by the by Congress. And in the UK, we were obviously going through the Edinburgh reforms. The Financial Services Act is getting rewritten. There's a huge amount of change that's occurring, but mainly as a result of Brexit. So it would normally be a big macro event that will result in large scale regulatory changes that are at a statute level.
Mike: Very good. So getting back to the main focus of this discussion, European regulatory developments, there's been a lot of talk about DORA and operational resilience in general. Could you explain what these mean in practice for the industry? And I guess you could start by explaining what DORA is.
Chris: DORA the is the digital operational resilience at the Europeans. They love their abbreviation, as virtually anybody does.
Chris: There is a lot of focus on resilience at the moment, particularly ICT resilience and the risk of cyber. So DORA, which is now live, it's actually in the official journal, there's a 24 month implementation period, so it will get fully implemented in Q1 of 2025. Really seeks to ensure that investment firms in the EU have resilient ICT risk framework.
Chris: So this includes anything from ensuring that you have adequate penetration testing arrangements, proper reporting of incidents, all of this sort of stuff, unless it's supposed to be additive to the requirements that exist within things like MiFID or CRD or any of those other primary pieces of legislation. The critical thing about DORA is that it recognizes that a lot of investment firms actually outsource ICT services to third parties.
Chris: And those third parties, you can think of a cloud provider or whoever it might be, generally speaking, aren't regulated, which means that the European authorities can't impose regulatory obligations on those firms. So the way that DORA works is basically to say to an investment firm you have to remediate your contractual arrangements with that. ICI service provider to ensure that the ICT service provider meets the standards in DORA.
Chris: So it's a way of basically implementing law through contract that causes- that takes DORA to a whole new level, because one, it imposes an extraterritorial element to it because suddenly EU law is being imposed potentially on US firms via contracts. It means that all of those contracts have to be remediated, which is a substantial repapering exercise, and that's in addition to the remediation that may need to occur as a result of upgrading firms ICT risk frameworks.
Chris: And yeah, if we look at some of the things that are currently being proposed in the level two and the level three. So yeah, the potential, for example, of moving to the Europeans, TIBER, the EU penetration testing standard, that's an incredibly expensive, if I can put it that way, cyber penetration test expensive is the wrong word. It is a very, very, very rigorous test that if all firms have to use could potentially be disproportionate in terms of cost and effort.
Chris: So those standards we're expecting to see towards the end of this year, Obviously, this is just the proposal at the moment. It certainly isn't in the standard, but I think we can anticipate that a lot of firms will have a lot of work to do to ensure that they remediate their frameworks and also ensure that all their papering is up to date as well, their ICT service providers.
Mike: So what about other changes happening on the European front? Are there more in store or more going on at the same time?
Chris: I think yeah, I'd probably break this into two bits. The first is in the digital asset space, so we have MICA that's going through at the moment or MICA this, this really seeks to put a regulatory regime around digital assets.
Chris: I should add that all of the major jurisdictions are looking at this. We talked about primary legislation being introduced in the US and it doesn't happen very often. Actually, this is one of the things they're looking at as well at the moment. And we've seen a lot of papers from the Fed on CPDs Central Bank, digital coins, etc. So I think it would be interesting to see where that goes.
Chris: One of the biggest challenges at the moment is how you put a regulatory wrapper around digital assets. So how do you define what a digital asset is from a regulation perspective? Is it's a transferable security, is it a coin, is it FX. You know, all of these things have to be worked through and some it's a fascinating area at the moment.
Chris: Away from the digital space and coming back more to what we do in FX at LSEG There have been a lot of papers recently, notably from ESMA, the FCA and the CFTC on the definition of trading venues. And this is an area where we expect quite a lot of impact in the industry. So if a technology provider, which is currently not regulated as an MTF or a SEF is providing services that look like that, the guidances that have been put out by ESMA, soon to be the FCA and the CFTC back in 2021, I think it was really leave little doubt about what should be a trading venue and what shouldn't be and that could have some pretty fundamental implications to those firms, whether or not regulators MTF SEFs. I mean obviously it really imposes a lot of regulatory requirements on them and and imposes a lot of technical requirements on them as well. At the risk of putting forth and understatement would be interesting to see where that goes.
Mike: You know, Chris, you mentioned earlier that requires a macroeconomic event for different rules and regulations to start being discussed.
Chris: And then, you know, up here in the marketplace when a big macroeconomic event takes place, is it usually one region that takes the lead first and then other regions or countries follow that one? Or does everybody kind of wait for somebody to take the lead and then they all follow up and get together on new rules?
Chris: I think it entirely depends on what the event was.
Chris: So the financial crisis was so macro that actually a lot of the developments that came out of that came from the G20 at Pittsburgh in 2009. And amazingly, we're still talking about Pittsburgh today because all of the policy announcements that got agreed at the G20 are still being worked through from a legislative and the regulatory perspective today. So this is things like SA-CCR things like FRTB, those are all sort of after effects from the G20.
Chris: So what you'll tend to see with a big macro event like that is international institutions like the G20, like the BCBS will come together, agree the policy institutions like the BCBS and IOSCO will agree international standards and then jurisdictions will be expected to go away and implement those in law. So such as the EU, the UK, or whatever it might be.
Chris: So you get international agreement on policy standards setting at the international level and then rules written or well, laws written and then rules written at the jurisdictional level. If it's something smaller than that. We have seen situations that digital assets is a classic case in point where we're seeing a lot of jurisdictions just taking almost unilateral action. They realize that there's something to regulate.
Chris: They possibly haven't quite got their head around how to do it, but they want to be standard setters in their own right. So this is where the EU, the US, discussing potential legislative changes in the House at the moment, those haven't really been as a result of any sort of policy agreements at the international level such as at the G20.
Chris: Those have really been national jurisdictions saying we need to fix things in our own backyards and then other jurisdictions monitoring that and looking to converge if necessary or potentially taking advantage from divergence. So it really depends on the event, It really depends on the risks. But yeah, there can be any number of ways that these sorts of changes will get executed.
Mike: Thanks again to Chris Leonard Appleton, head of risk and regulation at the London Stock Exchange Group. I'm Mike Cahill and thank you all for listening.