Financial Services Regulation and Compliance - Investment Firms November 2023

Domestic

CBI publishes Dear CEO letter outlining results of thematic review of firms undertaking algorithmic trading

On 2 November 2023, the Central Bank of Ireland (CBI) published a “Dear CEO Letter” (the letter) to MiFID investment firms undertaking algorithmic trading. The letter follows the CBI’s thematic review of the annual self-assessment and validation process across firms undertaking algorithmic trading activity (the review) and outlines the CBI’s key findings expectations in the area.

The review was undertaken to assess how MiFID investment firms undertaking algorithmic trading have incorporated, within their risk management and control frameworks, the requirements set out in Commission Delegated Regulation (EU) 2017/589, which contains regulatory technical standards specifying the organisational requirements of investment firms engaged in algorithmic trading.

The CBI identified the following areas where significant improvement has been made:

  • formalised processes and controls in respect of the development, testing and monitoring of algorithms that clearly evidence second line oversight of algorithmic trading activity
  • greater ownership at a local entity level evidenced through entity level policies and procedures
  • a clear distinction of roles and responsibilities between the first and second lines of defence, within the second line, between risk and compliance

The CBI identified differing stages of maturity across the sample of firms reviewed in terms of both the design and implementation of the self-assessment and validation process. Key concerns arising from the review include:

  • deficient governance frameworks which gave rise to Article 9 self-assessments which lacked sufficient detail to show compliance
  • a lack of formalised arrangements for the continuous training and development of staff
  • failure to maintain sufficient record keeping of material changes and comprehensive procedures in respect of conformance testing
  • procedural documentation was insufficient regarding the assessment and escalation of market surveillance alerts
  • there was a lack of adequate business continuity arrangements in place with clearly outlined procedures and associated training arrangement

Finally the letter also set out the CBI’s expectations for firms engaging in algorithmic trading activity and recommended that such firms undertake a number of actions.

European

ESMA puts digital resilience and cyber risk as new Union Strategic Supervisory Priorities

On 9 November 2023, ESMA announced that is changing its Union Strategic Supervisory Priorities (USSPs) to focus on cyber risk and digital resilience alongside ESG disclosures. With this new priority, a greater focus will be placed on firms’ ICT risk management, with EU supervisors developing new supervisory capacity and expertise and overseeing companies’ operations. The aim is to keep pace with market and technological developments, and closely monitor potential contagion effects of attacks and disruptions across markets and firms.

The new USSP will come into force in 2025, and while the new USSP will replace the current market data quality USSP, ESMA has stated that data quality remains the primary duty of supervised entities.

For more information on these topics please contact any member of A&L Goodbody's Asset Management & Investment Funds team.

Date published: 14 December 2023