It has been a year since the introduction of the General Data Protection Regulation (GDPR) and nearly 18 months since the second Markets in Financial Instruments Directive (MiFID II) came into force. Asset management companies were impacted mostly by the implementation of these two new regulations, besides others such as the Insurance Distribution Directive (IDD), to name but a few.
MiFID II, which came into force from January 3, 2018, is a legislative framework instituted by the European Union to regulate financial markets and strengthen protection for investors. The aim of this directive is to restore confidence in the financial industry after the financial crisis exposed weaknesses in the system, and improve the functioning of financial markets, making them more efficient, resilient and transparent. MiFID II has thus imposed a number of changes in the financial markets world, reinforcing rules on securities markets by ensuring that organised trading takes place on regulated platforms as well as the reporting of all trading being done in a timely manner to both the regulators and the investors.
Distributors of financial products were also faced with a number of new obligations. Asset managers, who qualify as manufacturers of products, namely collective investment schemes, are obliged to issue target market specifications to the distributors of their products, and ensure that their products are sold in line with such specifications. Furthermore, new obligations have been imposed on the sourcing of research an asset manager carries out prior to placing a trade, as well as the way investor complaints are handled and on record keeping.
GDPR gives more rights to an investor to request access to their records
MiFID II has also introduced measures which align obligations to those already imposed on UCIT managers, such as the remuneration policy, personal dealing policy, as well as the restriction on the receiving and giving of gifts and rebates by asset managers. All these measures aim to ultimately ensure a high degree of harmonised protection for investors of financial instruments, whilst improving the competitiveness of EU financial markets and creating a single market for investment services and activities.
Another regulation that has greatly impacted asset managers was GDPR, which came into effect from May 25, 2018. GDPR covers all EU Member States and applies to all entities holding or processing the data of individuals. Most asset managers were already subject to the Data Protection Act, and should have already had robust controls in place; however, the new regulation has placed a great emphasis on the importance of the protection of the rights of EU citizens in respect of their data. Therefore, asset managers who hold or process data in respect of investors of collective investment schemes have had to review all of their processes and policies to ensure adherence to the new regulations, especially given the hefty fines in place should a breach of regulations occur.
Asset management companies of collective investment schemes who have individual investors on their books have had to work out whether they, or the fund administrator, are the ‘data controllers’ or ‘data processors’ or both, with agreements having had to be renegotiated and updated prior to the GDPR effective date.
Furthermore, a lot of consideration had to be given to the controls in respect of keeping investor data secure and the processes that would need to be activated should a data breach in respect of an investor occur.
Another area that had to be given great consideration by asset management companies is marketing, given that one needs client consent prior to sending any marketing material.
GDPR protects the data rights of all individuals, whether they are retail clients, ultra-high net worth or have opted up to be professional clients. Furthermore, GDPR gives more rights to an investor to request access to their records. This can be both an administrative burden to asset management companies and fund administrators alike. This regulation has fundamentally reshaped the way in which data is handled across the finance sector, and beyond.
Last year was a year of radical regulatory changes in the way asset management companies operate, and the regulations’ impact on the industry is viewed as a positive move within the industry. In reality, most asset management companies had controls in place already, but perhaps not as transparent as they are now. Most of the companies needed to update the capturing of consent and evidence from clients, which is essential in the asset management business for customers’ trust more than anything else.
The ultimate aim of both MiFID II and GDPR, as well as other regulations, is the protection of the investor, and 2019 is a clear testimony to all this. In Europe, one thing is for sure, regulation will keep flowing, both in the coming months and years ahead.
Avalon Abela is head, Compliance and Regulatory Affairs, Compliance Officer and MLRO at BOV Asset Management Ltd.
The writer and BOV Asset Management Ltd have obtained the information contained in this article from sources they believe to be reliable but they have not independently verified the information contained herein and therefore its accuracy cannot be guaranteed. The writer and the company make no guarantees, representations or warranties and accept no responsibility or liability as to the accuracy or completeness of the information contained in this article. They have no obligation to update, modify or amend this article or to otherwise notify a reader thereof in the event that any matter stated therein, or any opinion, projection, forecast or estimate set for the herein changes or subsequently becomes inaccurate. Furthermore, past performance is not necessarily indicative of future results. BOV Asset Management Ltd is licensed to conduct investment services in Malta by the Malta Financial Services Authority.