Financial Services Update
Current Issues | Financial services | 6th September 2017
As the summer is a bit of a quiet time (and the FCA have had their hands full implementing MiFID II guidance) there isn’t too much on the regulatory front in this update. This makes it a good time to mention Making Tax Digital as it will affect all business and it is not that far away.
Although it was temporarily shelved, it is now back and is due for implementation from April 2019.
From this date if you are VAT registered firms can “voluntarily” submit transactional data together with their VAT return. It is likely that those who don’t submit the data voluntarily will be under more close scrutiny from HMRC, so it’s advisable to submit it.
There are also plans that all companies, partnerships and sole traders in the UK will need to submit quarterly corporation tax returns and transactional information from their accounting software.
The upshot is that all businesses in the UK will need to be on MTD compliance accounting software soon. So it is a good idea to make enquiries about your current software being MTD ready, and is also a good opportunity to see what alternative products are available. The cloud accounting solutions are particularly good.
GDPR (General Data Protection Rules)
This is again more of a wider business awareness but will apply to all firms and presents unique challenges to those in the financial services sectors.
The rules come into effect from May 2018 and at a high level concern the data you hold which is personally identifiable (i.e. linked with a person), why you are holding it, how long you’ve had it for, and where it is being held.
Essentially you should not hold information if you no longer need to have it, and you need to ensure that you take necessary steps to protect it. When sending data electronically you will need to ensure it is encrypted (unsecured emails will not be allowed). The onus is on your firm to protect the data it both has, and is sending out.
This means undertaking a data audit covering all information the firm holds on its clients (and staff). This includes paper and electronic information. You then need to decide on whether you still need to hold this data, and if not, it should be destroyed.
Customers have a right to demand to know what data you hold on them, and in certain circumstances to destroy it should they ask you to.
FRS001 and FSA002 returns
The PRA have said that from 1 January 2018 these returns will be replaced by COREP style FINREP returns. It is unclear whether all firms who submit these will be in scope, and they have not been included with GABRIEL at the time of writing for smaller firms, but it is something to keep an eye on. If you are in scope, you will need to submit these in xbrl format, in the same way as the COREP and Asset Encumbrance Returns, so it means higher software costs.
I’m keeping this on here as a reminder as it is approaching every closer! If you have not yet assessed the impact of MiFID II and the way this is going to impact your business you should act now. A gap analysis will help show where the company is against where it needs to be. If you need help with this, please get in touch and we can point you in the direction of a specialist compliance firm.
If you need to change any permissions or apply for authorisation, the deadline was 3 July 2017 for the application to go into the FCA, so this has now passed. This was the date which guaranteed it will be in place for when it goes live on 3 January 2018.
The FCA has released its final policy statement (PS17/14) on how MiFID II will be implemented in the handbook. So all policy statements on the implantation have now been released and are available.
The FCA have released a consultation paper (CP17/32) which sets out proposals for charging authorised payment institutions (APIs) and authorised electric money institutions (AEMIs) which wish to vary their permissions to provide payment initiation services (PIS) and account information services (AIS). These services are being brought into the scope of FCA regulation under the second Payment Services Directive (PSD2). PSD2 comes into effect in the UK for most purposes from 13 January 2018 through the UK’s Payment Services Regulations 2017 (PSRs) and parts of the Handbook.
Firms will need to apply for reauthorisation if they wish to continue to provide payment services under PSD2. If this affects you, it’s something to speak with your compliance team/advisors about to ensure you have the correct permissions.
Specific advice should be obtained before taking action, or refraining from taking action, on any of the subjects covered above. If you would like advice or further information, please speak to your usual Shipleys contact.