On April 23, AFME and Murex held a workshop discussion to explore how incoming cyber testing requirements, combining both banks and third-party providers in a single exercise, could work in practice. With the application of the Digital Operational Resilience Act (DORA) from January 2025 fast approaching, the innovations in operational risk management are increasingly coming under the spotlight. AFME’s latest industry workshop focused on one innovation which has generated a lot of interest: namely pooled resilience testing, capturing both a number of financial entities and third-party providers. Pooled testing has been specifically proposed as part of a financial entity’s Threat Led Penetration Testing (TLPT), a simulation-based exercise to assess in real-time how firms would respond to, manage and recover from a malicious actor. TLPT is based on the existing EU TIBER framework, and under DORA it will be required on a three-year cycle. The workshop, which had over 90 participants from AFME’s membership, was convened in recognition that the decision to include a wider range of participants within one exercise, represents a significant expansion in TLPT scope. To include the perspective of a third-party ICT provider in their analysis, AFME invited Jean Al Zreibi, the Governance, Risk and Compliance Manager of the SaaS Service at Murex. During the session, Jean shared how Murex currently is conducting the Pooled TLPT to reinforce the security of the MX.3 SaaS solution, some of the upsides of this practice today, and the uncertainties in DORA that remain to be clarified. Ensuring that TLPT is a learning opportunity, rather than tick box exercise At the beginning of the discussion, it was reiterated that AFME has long supported TLPT as a valuable tool which can provide in-depth and accurate insights into how a firm would, in practice, enact its various risk management policies and safeguards. Given the scale of resourcing to undertake such an exercise, it is critical that maximum value is extracted. It was agreed this is best ensured in an environment which is open, challenging and focused on future enhancements. Such transparency can be challenging during an exercise involving potential competitors and suppliers. Firms will naturally be hesitant for any perceived deficiencies in their cyber security practices and controls to be visible to other market players or subject to collective examination. The temptation will be to refrain to shallow or cursory exercises, where the firm is confident of receiving a clean bill of health. Several participants also flagged there would need to be strict safeguards to ensure that restricted or sensitive information is beyond scope or securely handled. Failure to do so would likely breach existing NDAs or other contractual commitments, yet a heavy-handed approach could see firms resort to a checklist set of disclosures. Identifying a scenario which has both commonality and sufficient depth The discussion also underscored that previous experiences have shown the benefit of focusing a TLPT scenario on a smaller set of critical or important functions. This, it was agreed, enables the financial entity to go into greater depth on how these parts of the business would be impacted and identify detailed findings for future development. The challenge a number of attendees identified was how to ensure a combined scenario would retain this depth, while remaining relevant to a wider number of participants. The role of the provider may be key in finding common ground, but doing so without creating a circular set of reviews and approvals across each of the financial entities will be a challenge. One suggestion centred on the idea that regulators should identify commonalities from financial entities’ individual testing and subsequently corral them together. However, it remains uncertain whether there is the resourcing capability. Similarly, the crucial part of any TLPT is the lessons learnt and recommendations for future action. This is key to ensuring that the exercise is a learning opportunity with tangible benefits. Yet, there was consensus during the workshop that it is currently unclear how authorities intend to identify a series of lessons that can be applied across multiple parties without exposing sensitive information or becoming overly vague and high-level. Unlocking benefits from Pooled testing Nevertheless, there was a degree of optimism that careful planning, in conjunction with the industry, could help unlock a range of benefits from pooled testing. If presented and implemented effectively, the incoming requirements could ensure that duplicative testing across the financial market is unified into a single exercise, with the associated costs shared. It could also enable financial entities to leverage the technical expertise of their third-party providers. What happens next? The discussion concluded by noting that a lot of uncertainty remains surrounding the practical implementation of pooled testing . This is why, as part of our advocacy efforts, AFME has been calling for the authorities to develop standalone operational guidance before initiating any roll-out of these exercises. In the remaining months before DORA comes into effect, AFME will relay the views raised by members as we continue to work with the EU supervisory authorities to develop and promote operational guidance to provide clarity on these issues. AFME’s Technology &Operations team remains on hand to discuss any of these issues in further depth, or to provide an update on the organisation’s activity in this field. Please contact [email protected]  for further information.

The settlement efficiency rate – or the proportion of transactions which are completed on their contractually agreed settlement date – has become a topic of intense scrutiny for regulators and market participants in the European securities post-trade industry. The current default settlement period for most transactions stands at two days, or “T+2”. Measuring settlement efficiency is critical to answering other important post-trade-related questions that policymakers are currently weighing up. For example, whether changes to the Central Securities Depository Regulation (CSDR) Settlement Discipline rules are required. ESMA has recently consulted on potential changes to the cash penalties charged for settlement fails, including proposals to significantly increase the daily rate. Although mandatory buy-in proposals are currently off the table, they will only remain so if regulators are satisfied that levels of settlement fails do not pose any financial stability risk. Settlement efficiency is also closely intertwined with the current T+1 debate. It will be important to understand whether moving to T+1 will reduce settlement efficiency, and if so, by how much. A substantial increase in fails would mean the risk reduction benefits of T+1 are not fully realised. The question, however, arises as to whether settlement efficiency is being measured correctly. Different methodologies can produce different results, which could have a significant impact on informing policy decisions taken by public authorities. There are several dimensions to consider: Firstly, should settlement efficiency be measured by volume (i.e. based on the number of instructions that fail to settle) or value (i.e. based on the market value of the failing instructions)? In other words, should more importance be attached to one fail worth 100mn EUR, or ten fails each worth 1,000 EUR? If we are primarily thinking about the systemic risk impact, it seems intuitive to focus on value. Secondly, what type of activity should be included when assessing risk? Numerous instructions processed by CSDs do not necessarily relate to a “trade”. For example, collateral transfers, portfolio realignments, corporate actions, and other types of CSD-generated movements. Are these other types of settlements as important or relevant when assessing levels of risk? Another interesting question centres on how a multi-day settlement fail should be recorded. Should it be counted only once, on the first business day that the instruction fails or rather recounted as a fail on each business day that it misses settlement? Historically, there was no consistent, pan-European approach to these types of question. ESMA collected data from CSDs on a ‘best efforts’ basis and tried to make sense of it for inclusion in their biannual “Trends, Risks and Vulnerabilities” (TRV) report. The application of CSDR Settlement Discipline measures in February 2022 included a requirement for CSDs to provide regular settlement fails data to their relevant National Competent Authority (NCA) (and onwards to ESMA) in a standardised format. This requires CSDs to break down fails according to different criteria, such as the type of financial instrument, the type of transaction, whether it was intra-CSD or cross-CSD, and whether the fail resulted from a failure by the seller to deliver the securities or the buyer to deliver the cash. What does the data show? The most recent TRV report, published in February 2024, is the first to utilise the new standardised CSDR methodology. The benefit of establishing a common approach is the publicly available and consistent data that covers all CSDs in the EEA under the same methodology. However, this only provides consistent data from February 2022 to the present. ESMA’s data from pre-CSDR cash penalties uses a different methodology than from post-CSDR cash penalties. This makes it very difficult to assess the effectiveness of CSDR cash penalties and, consequently, to draw any conclusions about further policy developments. Nonetheless, there are clear positive signs: Figure 1 shows an extract from the last TRV report and uses the ‘old’ methodology, revealing a clear downward trend in equity settlement fails between April 2021 and April 2023, and a broadly flat trend in fixed income. This largely aligns with anecdotal feedback from market participants, who made efforts to improve settlement processes and reduce fails in anticipation of the introduction of CSDR penalties. Figure 2 showcases the first TRV report using the ‘new’ methodology. The data paints a less definitive picture, showing more volatile fail rates in asset classes such as bonds and ETFs. The new report no longer includes the one-year moving average, but it does show that for every single asset class measured, the settlement fail rate at the end of 2023 was lower than the settlement fail rate in February 2022. So, under both the ‘old’ and ‘new’ ways of measuring fails, ESMA’s own data appears to suggest that the introduction of CSDR cash penalties has coincided with a definitive reduction in settlement fails. This is great news for regulators, and great news for the industry. Figure 1: ESMA TRV 2-2023 Figure 2: ESMA TRV 1-2024 How should we interpret it? As the charts demonstrate, the old and new methodologies appear to produce quite different results. Figure 1 estimates equity fail rates between 5%-10% through the course of 2022 yet figure 2 shows equity fail rates for the same time period reaching as high as 20%. Without knowing the “pre-CSDR” methodology used by each CSD, it is difficult to determine exactly what is causing the difference. Further insight may be found in the annual report that CSDs are mandated to publish. This is, in effect, a more basic version of the data they provide to ESMA and does not contain the same granularity on asset class or transaction type, and therefore presents an incomplete picture. Importantly, it should be noted that the CSD’s individual data can be highly susceptible to being skewed by a small number of large failing instructions. For example, Euroclear Bank reported a fail rate of 9.52% for 2023, down from 14.46% in 2022. They note that by removing from their calculation a handful of fails on instructions, “related to securities that are issued in units but where the participant erroneously instructs in nominal”, the fail rate drops to 6.27%. The impact of these misbookings is even more egregious in Clearstream Luxembourg’s figures – in 2022, their fail rate was reported as 58.76%! The industry’s efforts to reduce settlement fails are highly reliant on good quality, accurate, complete and timely public information. This is critical to identifying particular problem areas – be that asset class, settlement location, type of transaction – that should be focused on. Unfortunately, the public information disclosed by CSDs has so far proved somewhat unreliable. T2S – a common settlement platform to which 24 European CSDs are connected – also publish data on settlement fails. Again, this provides an incomplete picture, as not all CSDs are connected to T2S, but provides a reliable and consistent methodology that can be tracked over time. T2S data demonstrates a clear downward trend in settlement fails since the introduction of CSDR cash penalties in Q1 2022. Fail rates, measured in value, were 49% lower in Q4 2023 than in Q1 2022. The question of whether settlement efficiency is improving, can by almost any measure be answered with an emphatic yes. The more pertinent question to ask is, “is settlement efficiency improving enough?”. That question can only be answered by public authorities. ESMA have recently consulted on whether changes are required to the current penalty mechanism, including a potential increase to the daily penalty rates that are applied in order to drive a reduction in fails. No explicit target for an ‘acceptable’ level of settlement fails has ever been set. However, the general view from AFME members is that levels of settlement fails in the EU have as much as halved since the start of 2022 and are broadly comparable with other jurisdictions including the US. On that basis, AFME considers that the application of CSDR cash penalties should be considered a success and does not believe that there is a case for a radical overhaul of the existing regime.

The EU Single Market came into being in 1993. The introduction of the Euro followed six years later, bringing tangible financial integration of Euro area member states. The development of a truly single capital market in Europe should have followed. But it hasn’t. In fact, there has been little change in the development of the EU’s capital markets over the past decades. The global share of market capitalisation of listed shares in the EU has declined from 18% in 2000 to 13% in 2023; whilst the US has consolidated its position as the undisputed leader accounting for 50% of the world’s equity market cap in mid-2023. China has rapidly expanded, accounting for 0.3% of the world’s total market capitalisation in 2000 to 13% in 2023. The evolution of market capitalisation also has repercussions on the depth of regional liquidity pools. Market data suggests US and China are more liquid centres than Europe with turnover ratio (trading volume relative to market capitalisation) standing at 3.5x in the US, 2.6x in China versus 1.5x in Europe. These numbers indicate that there is increasing urgency to transform the EU’s existing capital markets into a globally competitive, well-functioning and scaled-up single capital market. Without this, the region’s future growth and competitiveness are at stake. Last month, EU finance ministers recognised this need in a Eurogroup statement setting out recommendations for both Member States and the next Commission to consider. While this is a positive development, more transformative and bold measures are needed to scale the EU’s capital market to bring it into line with the size of its economy, its future investment needs and the role it wants to play on the global stage. To succeed, decision-makers cannot shy away from addressing some structural, and often political, issues. Four key areas need to be addressed in order to secure Europe’s long-term economic prosperity and competitiveness. Firstly, bringing retail savings to the EU market, whether directly or indirectly, is a priority. This requires a pan-European approach to pensions, which will only occur under the clear leadership of heads of state committed to resolving on a pan-European basis. Secondly, the EU needs to enhance its rule-making agility in wholesale capital markets. This can be a powerful way to increase the attractiveness and competitiveness of the EU marketplace. To achieve this, greater discipline needs to be exercised so that co-legislators set out principles in legislation but refrain from hardcoding details therein. Instead, regulatory authorities should be given responsibility to determine the technical substance of rules. The European Supervisory Authorities (ESMA in this case) should be charged with making policy assessments and detailed rules based on robust market data and should be held accountable to the co-legislators on the basis of this observable data. This will allow the framework to adjust more rapidly to changing market conditions in a manner which is more comparable to rule-making for markets in other jurisdictions. This will imply giving greater resources to those authorities and changing their governance with European single market objectives in mind. Going a step further, the EU should recognise that not all circumstances can be foreseen in regulation. Supervisory authorities should be further empowered to intervene, again on the basis of robust market data, when it is necessary for instance to preserve market functioning or price formation. Supervisory assessments and intervention should be strongly coordinated across the EU, and where necessary and more effective, could be centralised. Thirdly, greater emphasis should be placed on improving market liquidity. At present, there is no common understanding amongst EU policy makers of what kind of liquidity is truly available within the EU’s equity markets, and where this liquidity is. As a result, and in fear of further losing market depth, EU law has imposed restrictions on certain types of trading. This has perversely resulted in less rather than better investor choice and fails to make EU markets attractive to capital, domestically and internationally. Understanding our liquidity landscape and overcoming constraints would produce greater liquidity, thereby attracting more savings, investments and listings of firms with better valuations. Moreover, for a genuinely single EU capital market, the EU needs to break down barriers to incentivise the creation of pan European exchanges and post-trading infrastructures fit for the digital era. EU-wide bond market liquidity also needs to be carefully monitored and deepened, particularly in the government bond markets. Introducing regulatory and supervisory agility can go a long way to facilitate this. Finally, adjusting the regulatory framework for securitisation is vitally important. This does not mean a return to the pre-Global Financial Crisis era of regulation, but rather targeted changes which will allow securitisation to make a useful economic contribution in an economy where bank lending will continue to play an important role. Indeed, securitisation is the only financial technique which enables indirect market-based financing of SMEs and allows banks to recycle capital into financing additional lending. Member States need to help grow the EU’s capital markets, and at pace. The recognition by EU leaders that a more advanced Capital Markets Union is needed to achieve the new competitiveness deal set out during the 17-18 April Special European Council meeting is positive. Sustained focus from leaders will be necessary to realise the broader benefits of a truly EU integrated capital market.

The European Union (EU) is at a critical juncture, facing a decline in its competitiveness on the global stage. With European elections in sight and a new European Commission (EC) set to take up its post later this year, now is the time to define a fresh policy agenda for the next five years that can ensure the EU’s vibrancy and competitiveness. The EU’s policy approach to capital markets will play a key role. Take the evolution of initial public offerings (IPOs) by European corporates. Before the creation of the European Single Market, corporates from the EU-27 Member States accounted for 5 percent of global IPOs. Following the first few years of the Single Market in the 1990s, this figure soared to 20 percent. Yet, over the past three years, this statistic has plummeted to levels of around 7 percent. Many Member States are understandably concerned about the EU’s lack of public listings, creating a litmus test of the EU’s ability to scale up the businesses it needs to maintain competitiveness. Yet companies are more likely to be attracted by the greater depth, liquidity and resulting higher valuations offered by markets outside the EU. Further key figures underscore the challenge: The EU’s share of global gross domestic product (GDP) is around 17 percent, but its share of the world’s total market capitalisation currently stands at only 13 percent. Capital markets’ funding of EU corporates remains on average at around 10 percent—a similar level to that recorded by theAssociation for Financial Markets in Europe (AFME)in 2018. Meanwhile, market-based financing in the United Kingdom and the United States averages 26 percent. The EU remains a predominantly bank-funded economy. Notably, the EU faces additional challenges, including demographic pressures on public budgets and state pension systems. Finding ways to keep pensions financially sustainable in the long term against the background of an ageing population is creating an urgent need for citizens to seek suitable alternative solutions for retirement. The sustainable transition will further strain financial resources, with an estimated EUR 700 billion annual requirement for ambitious environmental targets. While European leaders are aware of these challenges, there appears to be no straightforward path to addressing them. Despite their ambitious goals, the Capital Markets Union’s (CMU’s) action plans of past years have not given rise to fundamental changes. As the EU gears up for the upcoming European elections, the policy agenda for the next five years needs to be designed with the goal of securing a more transformational impact. Achieving scale through coordinated efforts Scaling capital markets will require an approach incorporating both EU-wide and domestic-level initiatives. The challenge lies in ensuring that domestic approaches align within a structured and coordinated EU-wide framework. If the focus rests on bottom-up initiatives, with Member States focussed solely on their domestic markets and competing only with their EU neighbours for market share in their respective areas of specialism, then the scale necessary to attract capital and finance economic needs within the EU as a whole will fall short. Global competitiveness trends will not be reversed. Explaining and promoting the tangible benefits of integrated markets within Member States, and importantlyforMember States, is imperative. Tackling the pensions challenge is a good candidate for this approach, starting with a robust exchange of best practices derived from national experiences among Member States. A more ambitious strategy would be to build on this and previous lessons learned, for instance, from the Pan-European Personal Pension Product (PEPP) experience. Ultimately, creating a European pension product with cross-border investments, portability and harmonised tax incentives wherever possible would be a transformative step. Another strategic move would be to ensure that the development of liquidity in the EU equities market is at the forefront of the Union’s policy objectives. Beyond its role in attracting capital and boosting valuations, robust secondary-market liquidity is integral to fostering growth within the EU. Taking a proactive stance on this front will not only improve market dynamics but also encourage EU listings and bolster the market’s overall resilience. Implementing certain Capital Markets Union (CMU) Action Plan measures remains pivotal, particularly enacting those agreed by co-legislators in the present mandate, such as the European Single Access Point (ESAP) and the so-called consolidated tapes for shares and bonds. These initiatives hold the potential to overcome the existing geographical fragmentation of EU markets by providing centralised data access to investors—the first concerning information on EU corporates’ financial and non-financial performances and the second regarding information on securities’ trading prices. Both types of information will be visible to all investors, whether in the EU or globally, irrespective of the country of incorporation of the business or where a trade takes place, which is not the case today. There are two caveats to this. More must be done to change attitudes that associate corporate champions with the need to list on a specific domestic exchange. Instead, the objective should be to foster the growth of EU corporates by ensuring those wishing to go public choose an EU listing venue, regardless of the specific country. For a consolidated tape to provide meaningful information on share prices, the current design of the tape will need some adjustments, specifically going into greater levels of the order book than what is presently envisaged for pre-trade information. This can be done relatively quickly if Member States look beyond incumbent commercial interests. To further remove impediments to capital-market growth, addressing longstanding barriers will also be paramount. Here, withholding taxes and corporate-insolvency harmonisation require specific efforts from Member States to agree, at pace, on the proposals currently being negotiated. A new area to consider in the coming years could be the harmonisation of civil liability regarding prospectuses, particularly concerning forward-looking information, as this could enhance transparency for investors while providing greater clarity to issuers and their advisors on their potential liability risks. Finally, leveraging emerging technologies will be central to fostering competitiveness and efficiency. The adoption of distributed ledger technology (DLT) holds the promise of streamlined trading and post-trade processes, translating into reduced operational costs and improved liquidity. Beyond the above, recognising that direct market-based financing may not be a solution for all types of companies in all situations is important. In this regard, securitisation can be a tool for bridging the gap between traditional banking and market funding mechanisms. It can transfer risk from banks’ balance sheets, freeing up capital they can allocate towards additional lending. It is now well documented that the EU is lagging in this respect. As of June 2022, annual securitisation issuance in the EU and UK represented just 1.2 percent of total outstanding bank loans, whereas in the US, in the same period, annual securitisation issuance was equal to 12.6 percent of outstanding bank loans. To overcome this, recalibrating bank and insurer prudential treatments, reviewing disclosure frameworks for investors and supporting the nascent ESG (environmental, social and governance) securitisation market are essential. In all of these areas, EU policymakers can make a difference. Paving the path to competitiveness Europe is at a turning point, necessitating a fresh approach to its policies on capital markets. The EU’s dwindling number of IPOs and relatively low global market capitalisation highlight the urgent need for change. As the EU enters a new phase with its upcoming elections, a comprehensive and ambitious policy agenda is crucial. The journey towards a more competitive and resilient European economy necessitates a joint effort. Coordinating EU and domestic-level initiatives is not simply a matter of practicality; it is imperative to achieving the scale and integration of capital markets required to position Europe competitively on the global stage. If this path is navigated successfully by a collective commitment to structured coordination and strategic action, it will pave the way for a resilient, vibrant and globally competitive European economy. Originally published in the International Banker:https://internationalbanker.com/finance/a-turning-point-for-europes-capital-markets/

ESG Data for Financial Services in an Operational Environment Over the past decade, the financial services industry has made great leaps in supporting the ESG agenda, with arguably the most traction resting on the ‘E’ - the environmental aspect. The environmental goals of regulators and clients have increasingly been converging and becoming ever more ambitious. ESG Data in this context presents significant potential, but the increasing weight of regulatory activity poses a challenge for multinational financial entities and success will hinge on integrating ESG data into core operations rather than maintaining separate systems. At this year’s Operations, Post-Trade, Technology and Innovation Conference (OPTIC), AFME published a joint report with Protiviti on ESG Data, focusing on the operational implications from these ever increasing ambitions. During our panel discussion on ESG Data at OPTIC, with representation from both industry and regulators, an emphasis was placed on the current need for a significant shift in ESG reporting. Moving forward, financial entities must harness the potential of ESG Data by shifting away from a “tick-box” compliance mindset to embedding these pools of information into their wider products and services. Regulatory determination has led to reservoirs of ESG Data The plethora of regulatory intervention in the ESG space is well documented, including in AFME’s 2023 report on the regulatory state of play of Sustainable Finance in Europe. Such regulatory activity includes work to develop a global baseline for sustainability reporting through the International Sustainability Standards Board (ISSB) and the European Sustainability Reporting Standards (ESRS) under the EU Corporate Sustainability Reporting Directive (CSRD), alongside other initiatives such as the Financial Stability Board’s Task Force on Climate-Related Disclosures (TCFD), Global Reporting Initiative (GRI), and Taskforce on Nature-related Financial Disclosures (TNFD). The result from regulatory intervention is the creation of reservoirs of ESG intelligence, both internally and externally facing. The management of this data throughout its lifecycle is explored in more depth in our latest report, but ensuring that appropriate data operations (DataOps) are in place is a foundational key to the success of a data-driven enterprise. It is also critical for tackling the main challenges facing financial entities in meeting regulatory expectations: New technologies can help enable financial entities in unlocking maximum value from their ESG Data At OPTIC, it was evident that when participants were asked about the opportunities for innovative technologies, data consistently emerged as the primary focus. This included not just ESG Data, but other fields such as KYC (Know Your Customer) and other anti-money laundering (AML) checks. Nevertheless, it is ESG Data which arguably presents businesses with the most commercial of opportunities. Client expectations and the demand for sustainable finance products and investments are ever growing, but it is financial entities capable of leveraging the data already at their fingertips that will secure a competitive advantage. This was one of the take-away points from the launch of our report. OPTIC attendees heard how investment banks and financial market infrastructure are striving to lead the way by showcasing both their own ESG credentials and assisting clients in navigating the risks of greenwashing. Cloud computing and AI/ML are already seen to be mature technological innovations, which are enabling firms to smartly make use of mass volumes of data. Computation and ML algorithms allow analysis and integration at scale, while cloud platforms provide flexibility and cost-effectiveness, especially for storing and processing of high-quality data. What happens next? ESG Data is without doubt a significant area of growth, with plenty of potential. Yet, the weight of regulatory activity, and potential for further action have reached a point where they risk overwhelming even major multinational financial entities. Future success depends on embedding ESG Data as part of a financial entity’s core operations, rather than establishing and maintaining separate or parallel systems and databases. At AFME we will be continuing to follow the developments in regulation and working with financial entities on how to operationalise ESG data which could otherwise sit unleveraged. To ensure that laudable ambitions remain sustainable and achievable, it is critical that industry and regulators work closely together. AFME’s Technology &Operations team remains on hand to discuss any of these issues in further depth, or to provide an update on the organisation’s activity in this field. Please [email protected] or {Protiviti} for further information.

In the digital age, the creativity of cyber criminals requires constant vigilance. Banks are conscious that they remain the number one target for cyber-attacks. Therefore, the European Union’s focus on cybersecurity is both welcome and acutely needed. The intention to embed cybersecurity into the various aspects of financial regulation, including risk management controls, supervisory stress tests and incident management will ensure a holistic approach, which best protects the stability of financial markets. The question, however, is whether each of these initiatives are effectively aligning, or whether EU officials are tripping over each other in the rush to get files over the line ahead of next year’s elections? What is currently at play? Cybersecurity has been a priority for the outgoing Commission and in the realm of financial services, this focus was one of the drivers behind DG-FISMA’s DORA – the EU’s milestoneDigital Operational Resilience Act. The Regulation harmonises the operational risk landscape for financial entities, and encompasses cybersecurity, albeit partially on a voluntary basis. Alongside the sectoral overhaul, financial services are impacted by the cross sectoral cybersecurity package coming out of DG-CNECT, as underpinned by the technical cybersecurity certification schemes. Moreover, cyber risk has increasingly become an area of focus for supervisors, including the ECB, in assessing the resilience of market participants, with Threat Led Penetration Testing (TLPT) providing real-time simulations of cyber threats and a firm’s response capabilities. The overall framework is comprehensive, and the level of ambition laudable, but there are serious concerns across the industry regarding the practical implementation of these well-intended proposals Why the cause for concern? While the Commission is aware of the risks of duplication and overlap, its approach has not been consistent, and the incoming Cyber Resilience Act has caused significant worry across the industry. At first glance, this piece of product regulation could neatly sit in parallel to the entity regulation under DORA. However, the commercial reality is not so straightforward. Many financial services firms today offer products and services via technology systems and applications, which could be captured under both frameworks. The Cyber Resilience Act proposal in fact makes explicit reference to banking apps as one example. Yet this ‘product’ is very different from a good which is sold to a consumer and whereafter the provider or merchant relinquishes control. Instead a bank would retain control over such devices, and be responsible for ensuring that security and software updates are reviewed and installed. The application would, therefore, be covered by the existing DORA requirements, rendering the CRA superfluous. Within the EU institutions, some do not believe that this overlap is overly worrying. They perceive that since checks are already taking place, any additional burden would be limited. Such thinking fails to recognise that a single “service offering” can have hundreds of applications and processes sitting under it. The resourcing burden of any duplication in cybersecurity measures is therefore significant, and also ever increasing, as cyber controls and testing continue to become more enhanced and extensive. While firms are repeatedly addressing the same cyber risk, they are impeded from devoting time and effort to tackling new cyber threats. In an emerging area such as cyber, firms must retain the capacity to respond to arising threats and the increasing regulatory load is constraining EU financial firms’ agility. What is next? The immediate priority is ensuring that the incoming Cyber Resilience Act doesn’t cut across DORA. This milestone regulation marks a notable advancement for operational resilience in the digital world and merits broad Commission support. A definitive boundary needs to be established regarding the underlying systems and processes which support many outward facing products. It is also critical that any additional incoming requirements on reporting of vulnerabilities and threats is based on existing systems and lines of communication, to prevent conflicting reports and mismanaged responses. It will be crucial that the new Commission resists the pressure to introduce new cybersecurity schemes and proposals, as the current environment needs time for embedding before addressing any remaining gaps. Moreover, the worrying tendency to introduce localisation or sovereignty requirements under the pretext of cybersecurity must be countered. Such proposals have been debated at length as part of the passage of DORA, yet we continue to see the discussion reopened, most recently with regards to the EUCS cybersecurity certification scheme. Many cyber threats are cross-border in nature, and removing access to non-EU solutions will ultimately backfire by limiting the ability of EU businesses and clients to rely on software providers who could offer the most tailored expertise in enhancing cybersecurity in any particular field. The only beneficiaries in such a scenario would be the cyber criminals, who will be quick to capitalise on these vulnerabilities and blind spots. AFME’s Technology &Operations team remains on hand to discuss any of these issues in further depth, or to provide an update on the organisation’s activity in this field. Please [email protected] further information.

US T+1 – What should European firms be doing to prepare? AFME recently hosted a webinar on shortening settlement cycles (known as T+1 settlement), discussing the latest developments in the US and Europe. AFME was joined by a panel of expert speakers from DTCC, the Value Exchange, Goldman Sachs, BNP Paribas and EFAMA – providing views from across the industry on the impact of the US migrating to T+1 settlement in May 2024. The panel opened with a factual overview of the new requirements by John Abel, DTCC. It was noted that as well as the new settlement timings, the industry will also have to prepare for compliance with stricter requirements regarding the process for allocation and affirming transactions on trade date. Barney Nelson, the Value Exchange, presented an overview of his firm’s market research into industry readiness for T+1. The research highlights that the operational impacts of the move will be felt hardest by smaller firms outside of North America. Firms are generally expecting impacts across the entire trade lifecycle from account opening to corporate actions, with many institutions considering changes to resourcing and operating models to facilitate the move. Panelists representing custodians (Emmanuelle Riess, BNP Paribas), broker-dealers (Sachin Mohindra, Goldman Sachs) and investors (Susan Yavari, EFAMA) identified three core areas where potential challenges are likely to arise. First, in relation to the affirmation process, which must be completed on trade date by 9pm EST. It was noted that this represents a considerable ‘squeeze’ on post trade operations, particularly for institutions based outside the US. Panelists identified the need for greater focus on automation to help solve this challenge. Second, it is expected that there will be a significant impact on funding processes, in particular where an FX transaction is required in order to facilitate settlement. The timing of FX transactions will also be compressed, with potential impacts on pricing and liquidity. A third area of concern identified was to securities lending processes. Given the shorter settlement period, securities will have to be recalled on a shorter timeframe, increasing the possibility of settlement fails. Panelists noted that this could possibly lead to less inventory being made available for lending, potentially damaging overall market liquidity. Panelists also noted that the US move to T+1 will reintroduce a global misalignment of settlement cycles, creating problems for globally active institutions, in particular, in relation to funding and cash management, and for transactions in securities with a multi-jurisdictional nexus, such as ETFs. This naturally raises the question of whether Europe should also move to T+1 settlement. Pablo Garcia, AFME, noted that industry discussions on the topic are underway in both the UK and EU. Any such move will require careful consideration, in light of the additional challenges that will face Europe, such as the increased complexity of its market infrastructure landscape and the existence of CSDR settlement discipline measures. As the industry continues its progression towards T+1 adoption in the US in 2024, and with developments expected in both the UK and the EU, there will be plenty more to discuss in the coming months.

European equity markets are facing a worrying problem. Liquidity is leaving Europe, and if the current state of affairs remains unchanged, this trend is probably set to continue. The European Union’s (EU’s) market capitalisation (or the total market value of shares for listed companies) was only EUR10.4 trillion at the end of 2022, compared to EUR 38 trillion in the United States—in other words, it was less than one-third of US market capitalisation. Furthermore, turnover of EU shares (a measure of liquidity) remained completely flat from 2016 to 2022, while this measure increased by 40 percent in the United States over the same period. There are, of course, multiple contributing factors to this crisis, but two initiatives are underway that may help to reverse the decline. For example, completing theMarkets in Financial Instruments Regulation (MiFIR) review with the right focus could help boost secondary-market liquidity. This review is an important moment for Europe’s capital markets as policymakers consider how to enhance the competitiveness and attractiveness of EU capital markets at the international level. Europe also aims to improveprimary-market issuancethrough theEU Listing Act, which, once implemented, can simplify access to European capital markets and streamline the listing process as well as post-listing requirements. Navigating the complexities of the EU’s regulatory framework Part of the EU’s equity problem is the complex regulatory framework governing how its markets function, including certain restrictions that do not apply in other markets. For banks, explaining this complex regulatory framework to international clients and persuading them to still want to transact in the EU is a long, involved process. In the EU, rules on share trading require investment firms to ensure that trades occur only on an EU-regulated market or multilateral trading facility. The trading amounts on certain trading venues are capped in favour of so-called public venues. Originally, this requirement was meant to increase transparency, yet it has led to firms being unable to trade in the most liquid markets or pursue the best execution for their clients. Ultimately, this can limit competition and deter investment. In addition, the costs of complying with regulations and administrative burdens can also disincentivise investment. European issuers face higher capital costs as investors require liquidity premiums for investing in securities that cannot easily be converted into cash. Over time, this impacts where businesses list, making the US more attractive in the long run. The role of MiFIR To enable equity markets to thrive, Europe needs a well-developed equities consolidated tape. This tape will provide a window into liquidity across Europe and be accessible to investors. An example is the fund manager in Singapore, who wants to look at Europe as one single market and have the ability to invest in the most liquid markets to construct a deeper and more varied portfolio. By implementing such a tape, Europe can bring visibility to its true scale, making it a more attractive place in which to invest and creating further opportunities for both investors and companies seeking to list in the EU. This is a major objective of the MiFIR review, with negotiations currently underway on how the tape should be constructed. The deeper the tape, the deeper the use cases across market participants, and the more viable the tape will become. After years of real progress failing to materialise, a consolidated tape is in tangible reach, so negotiators must now focus on implementing a tape that benefits the whole EU. In addition to a consolidated tape, the outcome of the MiFIR review should also ensure that a variety of trading mechanisms are offered to investors. Investors want choices in how they execute transactions so they can get the best possible results for their clients. Under MiFID, stocks can be bought and sold on trading venues and through systematic internalisers (SIs). SIs are important components of the European trading ecosystem as they provide investors with a service similar to how banks provide loans to businesses. When firms act as SIs, they use their own capital and balance sheets to facilitate more efficient and often better-priced executions for clients. In turn, they also benefit end investors, such as pensioners and savers, who entrust their monies to asset managers who trade with SIs to obtain the best possible results. Data shows that SIs contribute an additional EUR 3 trillion annually to European equity-market liquidity that would be lost if the provision of this type of trading were curtailed. The MiFIR review currently introduces some ill-founded restrictions on trading via SIs. By limiting the investor’s ability to choose the type of execution mechanism that is most suitable for his or her investment needs, the overall global attractiveness of European markets could be negatively impacted. Increasing liquidity through the EU Listing Act Equity markets not only rely on secondary-market liquidity but also on the health of the primary market. As more companies enter the market, the greater the number of growing companies, which will capture investors’ interest and increase trading. Here, the EU also lags behind other markets. For example, the gap between EU and US equity primary issuances has widened significantly over the last five years. From 2018 to 2022, equity issuance in the EU represented 27 percent, or less than one-third of that in the US. Seeking to improve the EU’s standing, the European Commission (EC) launched a set of proposals known as the EU Listing Act in December 2022. The EU Listing Act aims to increase the appeal of public markets to EU companies by easing the complexities and costs of accessing capital for small and medium-sized enterprises (SMEs). While this is a promising first step towards increasing Europe’s attractiveness as a desirable location for companies to list, the proposals are not perfect. The European Commission’s blanket proposals to cap prospectus length and remove any requirements for prospectuses for secondary-capital raises under 40 percent in size reduce flexibility and may create material risks for issuance stakeholders. The Listing Act proposals must be revised to ensure that market participants can continue providing the best possible disclosures to protect quality listings. Putting liquidity first Europe is at an important juncture to establish itself as a leading equity market. The opportunity to address some structural issues and revise key capital-market regulations, which govern how markets function in the EU, now rests with policymakers. The US offers deep and broad pools of capital, leading to a market with attractive listed companies and higher activity levels from retail investors. Investors want choices in how they execute transactions to achieve the best executions of regulatory requirements. The EU now has the chance to step up: first, by establishing a meaningful consolidated tape, which will draw investment focus to Europe as a whole, and second, by ensuring there are sufficient choices in trading mechanisms, which will help to attract investment within and into Europe. To reverse the deteriorating trends in equity-market liquidity, policymakers must ensure that Europe’s attractiveness and competitiveness as an investment destination are at the forefront of their decision-making. https://internationalbanker.com/finance/equity-market-liquidity-is-leaving-europe/

Artificial Intelligence and Machine Learning (AI/ML) have been in the news again with the release of OpenAI’s chat bot, ChatGPT. This tool uses elements of artificial intelligence to communicate with people in a human-like way and has fascinated the public with its swift and detailed responses and potentially wide-ranging uses. However, ChatGPT is merely the latest public development in the long-established field of AI/ML, which the financial sector has been exploring for numerous years. AI/ML has the potential to transform the financial industry through rapid analytical tools and enhanced data processing capacity. For example, huge volumes of data can be analysed more efficiently to improve trading strategies or to optimise capital models. Financial regulatory authorities around the globe have equally been paying close attention to AI/ML, as they acknowledge it has many conceivable uses within the sector. The EU is currently developing an AI Act, while the UK has released a discussion paper on AI/ML, to which AFME responded.A key message was the need for more dialogue with supervisors on areas where firms may find it more challenging to innovate, such as financial crime compliance. This is an area with huge potential for the use of AL/ML, although barriers still exist to its deployment. The Potential for AI/ML in Financial Crime Compliance AI/ML could prove especially transformative in the prevention and detection of financial crime, including anti-money laundering and combatting the financing of terrorism (AML-CFT). By taking advantage of the advances in data analytics derived from AI/ML, financial institutions can more effectively use their client, communications and transactional data created by their products and services. Financial institutions’ surveillance systems could benefit from more sophisticated incorporation of unstructured data into datasets (for example, to contextualise transaction data with current affairs) or better oversight of internal and client communications using natural language processing capabilities to detect misconduct. The incorporation of AI/ML will also aid in improving the accuracy and relevance of the alerts that are generated by these surveillance systems, for both financial institutions and their supervisors. For instance, Europol estimates that currently just 10% of suspicious transaction reports submitted lead to further investigation by competent authorities. Barriers to Deployment Integrating AI/ML solutions into financial crime compliance, however, is not simple. To ensure a suitable baseline standard, the relevant regulatory frameworks tend to be rule-based, rather than principles-based. For example, these frameworks mandate analysis by specific risk indicators or variables, with minimal scope for a highly tailored approach or innovative technological solutions. A key benefit of AI/ML as a technology, on the other hand, is its ability to find new solutions for the task it is set, incorporating different data sources and finding new patterns. Given the mismatch between regulatory requirements and the adaptive nature of AI, FIs interested in implementing AI/ML applications in financial crime compliance therefore cannot use them to retire their current systems, even where a new approach can produce more effective results. In addition, where FIs determine that they can deploy AI/ML in financial crime compliance, they must ensure that they are able to provide sufficient transparency on the applications’ outputs. This is to satisfy both themselves and their supervisors that the application is performing to a suitably high standard of accuracy and efficiency, while not contravening FIs’ ongoing obligations in areas such as data and client protection. This will need to be assessed throughout the lifecycle of an application and will involve upskilling both for FIs' compliance teams and their supervisors, to ensure that the right level of challenge is present. Steps in the Right Direction Despite these challenges, the industry is keen to explore how AI/ML can be incorporated to fight against financial crime, while continuing to meet regulatory expectations. In December 2022, the Wolfsberg Group of FIs released their “Principles for Using Artificial Intelligence and Machine Learning in Financial Crime Compliance” to support the wider industry in their technological innovation in this field. These serve as a helpful guideline for how FIs should apply AI into financial crime compliance. Globally, regulators have also begun to recognise the significance of AI/ML in financial crime compliance and the importance of supporting its development. Notably, the Monetary Authority of Singapore (MAS),announced in October 2021 that it will introduce a digital platform and enabling regulatory framework for financial institutions to share with one another relevant information on customers and transactions to prevent money laundering, terrorism financing and proliferation financing. US regulators have also spoken about the potential improvement of AML-CFT through the use of technologies such as AI/ML. In the UK, the FCA released a 2019 report on Machine Learning in Financial Services, which explored financial crime as one of its case studies. In 2020, the French ACPR included AML-CFT as one of its series of technical workshops on how AI can be developed within the sector. The ECB has also been considering the challenge of digitisation, including AI/ML, in the context of its new European AML framework. Conclusion It is encouraging to witness multiple regulators believing in the potential of AI/ML in preventing and detecting financial crime. However, further collaboration with authorities will be required to ensure that innovation in this field can be supported within the context of continuing to meet regulatory expectations – and, as recently noted by the Financial Action Task Force, even statements of regulatory support for the adoption of new technologies do not always translate into real supervisory acceptance of compliance practices and new procedures.To quote the Director of the US Financial Crimes Enforcement Network: “innovation will only happen if the private sector feels it has latitude to innovate. AFME would welcome further discussions with authorities in this area and looks forward to supporting the development of AI/ML in the fight against financial crime. References https://www.afme.eu/Portals/0/DispatchFeaturedImages/Consultation%20Response%20DP522%20%E2%80%93%20Artificial%20Intelligence%20and%20Machine%20Learning.pdf https://www.europol.europa.eu/cms/sites/default/files/documents/ql-01-17-932-en-c_pf_final.pdf https://www.wolfsberg-principles.com/articles/publication-wolfsberg-principles-using-artificial-intelligence-and-machine-learning https://www.mas.gov.sg/~/media/MAS/News%20and%20Publications/Monographs%20and%20Information%20Papers/FEAT%20Principles%20Final.pdf https://www.mas.gov.sg/news/media-releases/2021/mas-and-financial-industry-to-use-new-digital-platform-to-fight-money-laundering https://www.fincen.gov/sites/default/files/2018-12/Joint%20Statement%20on%20Innovation%20Statement%20%28Final%2011-30-18%29_508.pdf https://www.fca.org.uk/publication/research/research-note-on-machine-learning-in-uk-financial-services.pdf https://acpr.banque-france.fr/sites/default/files/medias/documents/20200612_ai_governance_finance.pdf https://www.bankingsupervision.europa.eu/press/speeches/date/2022/html/ssm.sp220713~73f22a486e.en.html https://www.fatf-gafi.org/content/fatf-gafi/en/publications/Digitaltransformation/Opportunities-challenges-new-technologies-for-aml-cft.html https://www.fincen.gov/news/speeches/prepared-remarks-fincen-acting-director-him-das-delivered-virtually-american-bankers

As the EU’s Distributed Ledger Technology Pilot Regime goes live today, AFME discusses whether it will truly enable innovation in capital markets. Finance and innovation have always been closely linked, and historically, technology has played a key role in modernising systems for consumers and markets. Financial services has continued to evolve at pace with the development of new technologies. In recent years, distributed ledger technology (DLT) has been identified as a key innovation that could transform capital markets. DLT is a framework and protocol that combines database technology and cryptography, allowing multiple participants to each maintain their own copy of records in a shared dataset and make updates to it. All copies remain consistent through computerised consensus mechanisms rather than through a trusted third party. DLT implementation could be used in almost any industry that collects and uses data. For financial services, it could generate substantial efficiencies across the securities lifecycle, improve the resiliency of market infrastructure, reduce settlement risk and ultimately change the way market participants interact with one another. However, the legislative and regulatory framework governing EU securities markets was designed prior to the advent of these new technologies and did not envisage the potential use of DLT in traditional capital markets. In order to investigate what legislative changes might be needed for DLT to be used in capital markets, the EU launched the DLT Pilot Regime (DLT PR) back in 2022 as part of its digital finance package. The DLT Pilot Regime is an example of a regulatory sandbox, which allows established market participants and new entrants to test products in a controlled environment. It enables them to find out whether a particular technology can be implemented in a new and innovative way, while still meeting the appropriate regulatory outcomes and risk tolerances. Under the DLT PR, entities will be able to apply for temporary exemptions from certain requirements of existing European financial legislation which have been deemed 'incompatible' with the use of DLT in order to provide issuance and post-issuance services (including trading and settlement) through DLT-based market infrastructures. As the EU DLT PR goes live today, the question arises as to whether the sandbox goes far enough. Does it truly allow for the necessary experimentation, innovation and the potential development of new infrastructures and a different ecosystem? Approaches around the globe The EU is not the only jurisdiction looking at how DLT could shape the future of capital markets. The UK Treasury is also looking at establishing sandboxes that would enable financial market infrastructures and other designated parties to test and adopt new technologies and practices by temporarily suspending, amending, or even applying certain laws. The UK Financial Market Infrastructures (FMI) sandbox has the potential to be much broader and could involve participation beyond Multilateral Trading Facilities (MTF) and Central Securities Depositaries (CSDs), however the UK Treasury has yet to consult on exactly what shape the sandbox will take. In Asia, the Philippines is using a test-and-learn approach, which represents an alternative to the regulatory sandbox. In this strategy, regulators can use tools like letters-of-no-objection or case-by-case waivers to give innovators access to a regulatory-free environment while allowing oversight over the testing process and to step in when results become more apparent. Additionally, the Monetary Authority of Singapore (MAS) is running both a FinTech Regulatory Sandbox that enables experimentation with innovative financial products and services, as well as Project Guardian which supports collaboration with the financial industry to test the feasibility of applications in asset tokenisation and DeFi. The Hong Kong Monetary Authority also has a Fintech Supervisory Sandbox which includes both regulatory tech (regtech) use cases as well as a small fraction of DLT projects. Comparing these approaches, it is evident that the EU has been bold with the EU Pilot Regime initiative. Positively, the EU has been able to put effective measures in place faster than other regions to facilitate experimentation with DLT in trade and post-trade processes. The EU has gone further, faster, and may have a distinct first-mover advantage, gaining valuable knowledge and first-hand experience of how DLT can be applied in securities markets. However, while bold, there are aspects of the EU DLT PR that may not encourage broad engagement in the sandbox from market participants. Throughout the DLT PR consultation process, AFME has raised concerns about the relatively low thresholds on both the size of permitted issuances of DLT-based securities and the market capitalisation of the issuer, as well as the process for authorisation following the sandbox exercise. There is still a lack of clarity on what the roll off to the real-world would look like and this could see participants disincentivised from investing time and money in new and innovative projects with an uncertain future. Where are we now? Market participants have keenly followed the legislative process and developments around the DLT pilot regime. The regime is an important step in facilitating DLT experimentation in capital markets. Many believe that the digitalisation of capital markets could represent a transformation comparable, if not greater, in scale and significance to the shift from physical to electronic securities. Nonetheless, there are certain challenges with the EU DLT Pilot Regime and its sandbox. The divergence and inconsistency across the EU for the regulatory treatment of digital securities and their legal status under national securities laws could limit the effectiveness. For example, in Germany, Luxembourg and France there are local regulatory regimes capturing digital securities which are different in approach and not harmonised. While the EU regulatory framework is designed to be technologically neutral, it has been constructed with traditional financial market infrastructure in mind. Therefore, there are concepts in regulations that are inconsistent with DLT environments. The DLT PR goes some way to address this, by providing derogations from certain regulatory requirements. This is an understandably pragmatic approach, but ultimately may leave little room for a more ambitious reimagining of how capital markets infrastructure is organised, and how networks of participants are connected. Overall, the ability to successfully transform financial legislation to support the use of DLT across financial services will depend on how broadly the sandbox is used by industry participants and what the level of uptake is. The more participants adopt new and innovative structures, the better these structures can be applied successfully in the real world within the appropriate legislative and regulatory parameters, and the greater the benefits that can be derived from new technology. However, true success for the DLT PR, which launched today will depend on whether the industry believes that a sandbox experiment will be beneficial. It will also depend on whether the parameters are open enough for them to be truly innovative in meeting regulatory requirements, rather than just using the new technology within an identically structured ecosystem. A robust digital economy will thrive within an appropriate regulatory perimeter.It will be interesting to see what the uptake of the DLT sandboxes will be and how capital markets participants continue to innovate and implement new technologies.