A few short interesting extracts from a speech by Minister of Finance Paschal Donohoe to Blockchain Ireland audience yesterday (24 May 2021), covering fintech, payments, blockchain and crypto.

Download the speech in PDF here 

• "We have a track record in this country for building globally recognised #payment companies and innovative financial services businesses.
• ​The necessity to transact a payment online forced many to implicitly “trust” in the process, without considering who the company offering such services is or what consumer protection safeguards are in place if something goes wrong.
• #Blockchain is also enabling innovative approaches to educational credentialing in the Irish banking sector.
• Equally, I recognise that the blockchain technology that underpins these [#crypto] currencies is being a catalyst for innovation in the financial services sector, particularly payments and capital markets.
• As Minister for Finance, I’m conscious that investing in #cryptocurrencies continues to involve risks and that there must be adequate regulation to protect consumers in this regard.

• ... there are 12 educational institutions across Ireland that are supporting and researching blockchain, whether that is in the form of ongoing research, study programmes or partnerships with other companies."

Published on 24 May 2021
Last updated on 24 May 2021

 From Department of Finance 
Published on 24 May 2021
Last updated on 24 May 2021
 
Check Against Delivery

Good morning everyone.
I am delighted to be speaking to you today, albeit virtually, as part of Blockchain Ireland Week.

First of all, I would like to acknowledge the commitment of Dave Feenan to blockchain; accepting the role as the new Chair of Blockchain Ireland, a challenge that few could have met.

I would also like to acknowledge the tenacity and perseverance of Lory Kehoe, being one of the original founders of Blockchain Ireland, over 5 years ago.

Thank you also Toomas Ilves for sharing your experience in the digitalisation of your country, and your expert understanding of blockchain technology.

An inspiration for us all here, as this week we explore how we can create our present, and our future, working with this technology.

It is hard to believe it is two years ago since I had the opportunity to meet many of you personally at the Iveagh Garden hotel.

A lot has changed since, even the price of Bitcoin. Or should I say Dogecoin?

Advances in the sector
Blockchain Ireland Week is taking place at a crucial moment. The last year has been extremely difficult for everyone and the impact of Covid19 on our economy and society has been immense.
Now, as our country begins to re-open and we continue to accelerate the vaccination programme, there is a sense of collective relief; we can allow ourselves to look forward more positively.

Necessity is the mother of invention. You could say, necessity is the mother if innovation.

And this is the moment to dare conceive new business models, engage with disruptive technologies and challenge ourselves to change and adapt.

Because we need to change: as citizens, as customers, as businesses. We have all felt the need to adapt to the extreme circumstances of the pandemic.

And we must continue to adjust; not to survive, but to thrive.

The series of events that you, Blockchain Ireland, have scheduled for this week, offer an ample opportunity to learn more and explore how blockchain technology can improve our business, and our lives.

Not only in Ireland, but within the EU, and globally.

I wished I had the time to attend most of the events lined up for this week: the breadth and depth of topics being discussed is a testament to the leadership of Blockchain Ireland.

International speakers from Africa, Asia, Australia, Europe and the United States will share their respective views and experiences. An extended thanks to all those speakers for bringing their expertise to our shores.

From within Ireland, it’s fantastic to see how this technology is being used in initiatives such as:
– Provenance in craft-beer, food and agricultural products
– Making investing in bloodstock more affordable and transparent;
– Providing integrity and trust to health data;
– Exploring education and training choices.

Right now, I would like to share with you two thoughts that struck me as I read about Blockchain Ireland week.

The Benefits of Blockchain
First, the discussion is no longer about “What is Blockchain?”, “Blockchain vs Crypto” or “Risks and benefits of Blockchain”. To me, this is a very encouraging sign.

It demonstrates that the technology is maturing.

We are increasingly seeing more instances of how the technology can benefit the economy and society; more enterprises are funding pilots; more private sector consortia are being created; we also see mainstream adoption starting to take off.

The technology’s broad market applicability and the relevance to specific sectors is becoming clearer.
It also demonstrates that in Ireland we are keeping abreast with changes in the technology.

We have moved from 50 companies in Ireland working with blockchain back in May 2019 (when I last spoke to you), to almost 100 today: a sure sign that the Blockchain sector in Ireland is becoming more embedded in our ecosystem.

My question for you all is: is that enough though? Could we do more? Could we do better? If so, what do we need to do?

One of Ireland’s strengths is our ability to innovate and adapt to emerging trends across finance and technology and I have spoken before about the importance of nurturing Ireland’s knowledge economy.
As a Government, we have tried to ensure that Ireland is prepared to take the advantages of technological opportunities though a number of interconnected initiatives. These objectives underpinned the Government’s Future Jobs Ireland strategy.

Our vision, as set out in the Ireland for Finance Strategy to 2025, is for Ireland to remain internationally competitive and a top-tier location of choice for specialist IFS.

We have a track record in this country for building globally recognised payment companies and innovative financial services businesses.

As you will discuss this week, blockchain can transform the way in which many financial services sectors currently operate and deliver services to customers.

The digital asset sector is becoming an increasingly competitive environment, while creating challenges for existing legal and supervisory frameworks, trying to match market and client requirements.

We are actively monitoring developments in the technology and regulations globally, so that any potential policy changes will be crafted from a balanced, measured and carefully laid out review of risks and opportunities, both to consumers and to the economy.

However, the pace of development is fast and the consequences of change might be difficult to comprehend early on.

Thus, whether it is through the provision of digital assets or innovative ways of providing micro-insurance, I encourage you all to raise any concerns that would impede Ireland’s ability to remain competitive and a destination of choice for financial services.

It is also encouraging to see how applications of the technology are being explored across the spectrum of our society.

FutureNeuro, the Science Foundation Ireland Research Centre for Chronic and Rarer Neurological Diseases, is using blockchain to match sick patients to clinical trials based on their clinical and genomic data.

It received €3.9 million in funding from the recent Disruptive Technology Innovation Fund award under Project Ireland 2040.

Blockchain is also enabling innovative approaches to educational credentialing in the Irish banking sector.

Earlier this year I was delighted to mark the launch of the EdQ Platform, a collaboration of the Institute of Banking alongside Bank of Ireland, AIB, Ulster Bank and Deloitte.

This unique blockchain-based education credentialing platform for financial services is the first of its kind Ireland – and perhaps the world.

Finally, there are 12 educational institutions across Ireland that are supporting and researching blockchain, whether that is in the form of ongoing research, study programmes or partnerships with other companies. Another heartening sign that Ireland is collectively working towards strengthening its knowledge economy credentials, anchoring on blockchain technology.

To summarise, it is very inspiring to see evidence in the Irish blockchain sector that we are moving at pace with the maturity stages of the technology.

As Minister for Finance, I would add that I am very reassured to see my Department has closely followed the pace and continues to be an integral participant of the Irish Blockchain Ecosystem.

Trust in a Global Pandemic
My second thought, is inspired by the central theme of this week’s event, “Blockchain: Foundation of Trust”. The pandemic has certainly accelerated the move to transacting and living in a digital world: what might have taken 10 years has been achieved in 10 months.

We have all adapted to a large part of our lives being carried out online. However, necessity to do so may have trumped “trust”.

Perhaps the most visible example of this was people being forced to drop the use of cash and become proficient in digital payments.

The necessity to transact a payment online forced many to implicitly “trust” in the process, without considering who the company offering such services is or what consumer protection safeguards are in place if something goes wrong.

And this was the case for everyone, irrespective of age or digital proficiency. As people became more comfortable with making financial transactions online, the 24/7 availability and convenient access made the purchasing of cryptocurrencies more accessible to the public than ever.

As Minister for Finance, I’m conscious that investing in cryptocurrencies continues to involve risks and that there must be adequate regulation to protect consumers in this regard.

Equally, I recognise that the blockchain technology that underpins these currencies is being a catalyst for innovation in the financial services sector, particularly payments and capital markets.

Not only has the pandemic upended many of our constructs of a “normal” society, it has also challenged our trust in everything around us. Fake news should not be the new normal. Online scams should not be the new normal. Unverifiable scientific data should not be the new normal.

As Finance Minister, and as President of the Eurogroup, I take the issue of trust in our banking and payment system very seriously.

This is why we are closely monitoring developments into the review of a potential Digital Euro and follow the ECB’s ongoing research into Central Bank Digital Currencies.

At the same time, my Department is working with the EU Commission and the Presidency to bring forth a general agreement on the draft proposal for regulation for a Market in Crypto Assets.

Discussions are progressing at pace, particularly considering the technicality and complexity of the proposal. Why is this important?

Because I believe that clarity of the legal and regulatory perimeter applicable to cryptoassets will bring trust for consumers and companies to deliver and use such products and services, which in turn will generate trust in our governing institutions.

Conclusion
As Minister for Finance, I welcome you all to Blockchain Ireland Week and I really look forward to exploring the key outcomes of this week’s discussions. I am sure it is going to be a terrific week of events.
​
ENDS

Source: https://www.gov.ie/en/speech/50cac-speech-to-blockchain-ireland-week-2021/​

The ASX Market Announcement says:

"EML PAYMENTS LIMITED (ASX: EML) ("EMU') refers to its request for a trading halt dated 17 May 2021.

EML advises that its Irish regulated subsidiary, PFS Card Services (Ireland) Limited ('PCSIL'), has received correspondence from the Central Bank of Ireland ('CBI'), including a letter received on Friday 14 May 2021 (Australian time) raising significant regulatory concerns ('Correspondence'). The CBI is the relevant regulator in Ireland.

The CBI's concerns relate to PCSIL's Anti-Money Laundering / Counter Terrorism Financing ('AML/CTF'), risk and control frameworks and governance. The Correspondence states that the CBI is minded to issue directions to PCSIL pursuant to section 45 of the Central Bank (Supervision and Enforcement) Act 2013.

The Correspondence does not concern EML's Australian or North American operations, or the operations of PFS' UK subsidiary ('Prepaid Financial Services Limited' which is incorporated in England and regulated by the FCA), or EML's other Irish regulated subsidiary ('EML Money DAC')."

ASX Announcement in PDF and at source. 

The Financial Times reported that "EU policymakers round on Lithuania for lax fintech oversight​" (18 May 2021).

In response Lithuania’s central bank insisted it was not “asleep at the wheel” over its regulation of a local fintech, that prosecutors suspect was used to steal more than €100m from Wirecard before it collapsed, and called for greater global sharing of information on financial crime among supervisors.

On 19 May, the Financial Times wrote "Lithuanian central bank rebuffs Wirecard criticism" (19 May 2021).

​Read more at FintechLithuania.com 

On Tuesday 18th May 2021, the UK Financial Conduct Authority issued a Dear CEO Letter to Electronic Money Institutions headed "Please act: ensure your customers understand how their money is protected."

You can read a copy of the letter here.

Some interesting excerpts from the letter below:

What is the UK FCA concerned about?:

• "We are concerned that many e-money firms compare their services to traditional bank accounts or hold themselves out as an alternative in their financial promotions, but do not adequately disclose the differences in protections between e-money accounts and bank accounts. In particular, they do not make it clear that Financial Services Compensation Scheme (FSCS) protection does not apply." 

 

• "We are still concerned that many e-money firms are not adequately disclosing the differences in protections between their services and traditional banking, in particular, that FSCS protection does not apply."

 

• "We are also concerned that firms are giving a potentially misleading impression to customers about the extent to which products or services are regulated by the FCA."

Action expected of emoney firms by the FCA:

1. "you write to your customers within six weeks of the date of this letter [Ed - i.e. 18 May 2021] to remind them of how their money is protected through safeguarding and that FSCS protection does not apply."
2. "draw this letter to the attention of your Board."
3. "expect the Board to have considered the issues we have raised here and to have approved the action taken in response." 

Note the FCA point that the communication to customer be separate from any other messaging or promotional activity. And that the FCA expects emoney firms to consider the appropriate method(s) of communication based on their business model and customer base, including any vulnerable customers. 

Why should emoney action the letter?:

Because the FCA intend to follow up, with a sample of firms, to assess the actions taken. 

Contact the team at CompliReg if you require assistance. 

You can read a copy of the letter here.

European Union Commissioner Mairead McGuinness gave a speech yesterday (Monday 17th March 2021) at AMLintelligence.com Boardroom Series. Like other non-executive directors of regulated companies (obliged entities/designated persons), I took the time to read through the speech.
Issues which caught my eye, not relevant just for traditional financial services, but indeed innovate one like fintech, are:

A) Introduction:

• a rethink of AML strategy is needed if we are to win our fight against crime
• European Union’s future AML system is forthcoming in July in a detailed Action Plan (something to read and absorb if you are fortunate enough to be on holidays)
• transposition at national level of AML requirements can diverge far too easily
• rules for the private sector will be laid down in a directly-applicable EU regulation
• we need to respect the fact that our system is risk-based
• traceability of transfers of virtual assets. So they will be added to the scope of the existing Transfer of Funds Regulation (TFR) [Ed - I hear a lot of 'complaints' about this from crypto exchanges. Many in the tradition finserv world, which have lived with the TFR are thinking "welcome to the party' virtual assets!]

B) AML Package:

"At the heart of our plans are more harmonised rules and a new AML Authority at EU level. The idea is to have common standards, common application and common supervision of our rules. That is as it should be in a single market."

Firstly, 

• The application of AML rules has suffered from a lack of sufficient detail at EU level. This means that transposition at national level can diverge far too easily. And that has resulted in weak links across the internal market. The EU wants this to end.
• Rules for the private sector will be laid down in a directly-applicable EU regulation. There will be the same rules across the EU in the most substantial areas.
• There will be some margin for the Member States in relation to how they want to organise their system, especially as regards the details about how national supervision and Financial Intelligence Units work.
• The EU will continue to respect the fact that our system is risk-based. But when risks are relevant for the EU as a whole, then the EU will act at EU level.
• The list of sectors covered by AML rules will be reviewed in the new proposal. One of the first steps will be to align the EU with the latest Financial Action Task Force (FATF) standards and cover all types of Virtual Asset Service Providers as Obliged Entities.
• Ensuring the traceability of transfers of virtual assets. They will be added to the scope of the existing Transfer of Funds regulation, through which transparency will be imposed on the senders and receivers of payments. The transfers of virtual assets will be accompanied by the full details of sender and beneficiary.
• An important component of the rulebook will be legally binding technical standards to be developed by the future AML Authority.  The aim is to add more granularity to the top level rules in the regulation and bring about more harmonisation.
• Cash is the most important bearer medium. Most proceeds of criminal activity are still cash. The EU is looking at setting an EU-wide upper limit for cash purchases of €10,000 on the basis that a €10,000 limit is high enough not to put into question the euro as legal tender, nor to affect financial inclusion.

Secondly, 

• The flagship of the EU reform is a new AML Authority. It will have a number of different roles:

1. It will be the direct supervisor of certain financial sector entities which operate cross-border and are in the highest risk category;
2. It will act as a coordinator and overseer of national supervisors for other entities, including - with a lighter touch - entities outside the financial sector;
3. It will coordinate and provide support to Financial Intelligence Units;
4. It will also have a regulatory role, preparing technical standards and guidelines;
5. And finally, the new Authority will advise the Commission, for example on AML risks outside the EU.

• The Authority will combine supervisory and FIU coordination tasks under one roof.

If you are wondering about the impact this will have on the director supervisor of the financial sector, this is what Ms Guinness said:

• The AML Authority will provide the EU with a better understanding of the risks facing the EU – so it will have a full picture of the risks and the measures taken to address those risks.
• The roles of direct supervisor in the financial sector and indirect supervisor outside the financial sector should be complementary.
• A limited number of financial institutions would be directly supervised by the Authority, relieving national supervisors of a significant burden.
• Experience in direct supervision, even of a fairly limited number of entities, will enable the Authority to better coordinate national supervisors that supervise the other Obliged Entities.
• The Commission wants to learn from the experience of the Single Supervisory Mechanism which supervises large EU banks.
• Direct supervision should be carried out via Joint Supervisory Teams working with national supervisors, which will also help bring together the Authority and national supervisors.

How will the new Authority be funded?:

• The new Authority will be funded to a significant degree from fees from obliged entities to avoid being an excessive burden on the EU budget.  Fees will be reasonable and manageable.

Why does the new AML Authority come to life?:

• Current planning is for the Authority to get off the ground in 2024, reach full staffing in 2025 and start carrying out direct supervision in 2026.

C: Other AML action:

• In addition to the legislative package, the Commission is the 2020 Action Plan covers three other non-legislative areas. 

1. Consultation on information exchange and public-private partnerships - The idea is to publish guidance by the end of the year. 
2. International co-operation - the Commission plans to deepen involvement in FATF and step up EU coordination on global AML issues.
3. Enforcement - this remains a top priority for the European Commission. This involves proactively looking at how the current regime is applied in all Member States. A key priority is making sure that beneficial ownership registers are up and running and fully populated. The Commission is also working on the cross-border interconnection between national beneficial ownership registers – which should start later this year.  This includes promoting awareness of the importance of beneficial ownership among civil society. Beneficial ownership is one of the areas where the Commission plans to add some clarity to the EU level rules in our upcoming proposals

Copy of Speech is located here.

Linkedin Post Here - https://www.linkedin.com/posts/peteroakes_virtualassets-finserv-regulation-activity-6800460598539816960-UBgz

The Minister for Public Expenditure and Reform, Mr Michael McGrath TD, today published the General Scheme of the Protected Disclosures (Amendment) Bill following approval by Government earlier this week.

The purpose of this Bill is to provide for the transposition of the EU Whistleblowing Directive into Irish law. Ireland is one of just 10 EU Member States to already have comprehensive legal protections for whistleblowers in the form of the Protected Disclosures Act. The Act will be amended to give effect to the Directive and to further enhance and strengthen the protections it provides.

This means that, volunteers, unpaid trainees, board members, shareholders and job applicants will all come within the scope of the Protected Disclosures Act for the first time.

Private sector organisations with 50 or more employees will be required to establish formal channels and procedures for their employees to make protected disclosures, just like the public sector.

Published Scheme available here

Source: www.gov.ie/en/press-release/d263a-minister-mcgrath-publishes-general-scheme-of-protected-disclosures-amendment-bill/#

​I am glad to see that my data and that of the FIU matches for the years 2000, 2001, 2003 & 2004. For 2002 I have 4,390 v FIU figure of 4,397 and in for 2005 I have 10,735 v FIU figure of 9,698 (hardly material). Still I find this strange as my figures were sourced from Garda & FATF reports at the time.   When I published the 2020 figure of 28,865, that was based on the above Irish Times article which was published at least 10 days before the FIU publication which reported 29,631 (2.5% difference - or a rounding error!).

European Union, United Kingdom May 11 2021 by Gabriel Vedrenne, ACAMS

Banks and national regulators should adopt a more finely tuned, risk-based approach towards compliance and supervision to prevent the wholesale offloading of money services businesses and other categories of clients they view as inherently prone to illicit finance.

After publishing more than 400 pages of guidance this month to help financial institutions adopt a more nuanced system for evaluating financial crime-related risk, the European Banking Authority clarified Monday that its intent was to combat the now decade-long de-risking phenomenon, not exacerbate it.

“De-risking can be a legitimate risk management tool in some cases but it can also be a sign of ineffective ML/TF [money laundering and terrorist financing] risk management, with severe consequences,” the EBA said Monday. “It has become apparent that more comprehensive action is needed to address unwarranted de-risking.”

Since the beginning of March, the EBA has listed the threats of money laundering and other crimes affecting the European Union, issued new guidelines on key aspects of risk-based compliance and formally requested feedback on future guidance for risk-based supervision.

Nonprofit groups, especially those in warzones, and asylum seekers without standard due-diligence records, often lack financial services, but the impact of de-risking is much broader, the EBA claimed Monday. MSBs and other cash-intensive businesses also suffer from overly cautious banks, as do firms whose products facilitate anonymity, such as prepaid card providers.

Real estate companies struggle to open and maintain bank accounts, according to the EBA, as do cryptocurrency exchanges, e-money issuers and other firms in emerging sectors that banks perceive as having limited knowledge of anti-money laundering compliance.

“The EBA recalls that a proper risk assessment must include such considerations and cannot be a blind instrument used to get rid of risky clients,” Peter Oakes, former director of enforcement and AML at the Central Bank of Ireland, told ACAMS moneylaundering.com after reviewing Monday’s statement. “Financial institutions must be prepared to answer questions about it.”

Many banks in Europe have grown reluctant to handle the transactions that back remittances to the world’s poorest countries, and now even hesitate to serve real estate agents, soccer clubs, corporate services providers and other parties whose risks they consider unmanageable.

De-risking has also reached U.S. financial institutions and drawn the attention of the Treasury Department’s Financial Crimes Enforcement Network, which encouraged banks in guidance seven years ago to rethink any decision to shun the remittance industry.

“The Bank Secrecy Act does not require, and neither does FinCEN expect, banking institutions to serve as the de-facto regulator of the money services business industry any more than of any other industry,” FinCEN advised in 2014. “It is not possible for a bank to detect and report all potentially illicit transactions that flow through an institution.“

Reputations to consider

A mindset of corporate social responsibility has also led to the termination of accounts and services for companies in industries perceived as risky “from an environmental, security or health perspective,” such as tobacco, weapons and coal.

According to the EBA, this trend has had the perverse effect of encouraging rejected clients to turn to institutions in jurisdictions with lax AML supervision, or worse, to underground banks and other informal channels that operate beyond government supervision.

“The risk associated with individual business relationships may vary, even within one category,” the EBA warned Monday. “The application of a risk-based approach … does not require financial institutions to refuse, or terminate, business relationships with entire categories of customers that are considered to present higher ML/TF risk.”

National regulators should address the trend by improving their grasp of sectoral risks, and pay more attention to the affected industries to restore the trust of banks, the EBA recommended.

“This may include increased supervisory activities in the sector or additional guidance to the sector,” the regulator suggested. “Furthermore, the EBA encourages competent authorities that have not yet performed an assessment of de-risking in their jurisdictions to consider performing such an assessment.”

Several national regulators, including France’s Prudential Supervision and Resolution Authority and Britain’s Financial Conduct Authority, have sought to address de-risking through guidance, public statements and technology.

Since 2011, the Central Bank of Ireland has collected more data on the operational risks of affected businesses through its “Probability Risk and Impact SysteM,” or PRISM, and by requiring financial technology-centric firms, also known as fintechs, to provide more details on their business models than other regulated institutions.

But the extent of de-risking varies greatly across Europe, said Oakes, now a consultant in Dublin.

“Data is the key, and not everyone collects and analyzes the same amount at the same level,” Oakes said. “As EU institutions operate within a framework aimed at reducing regulatory arbitrage and supervisory divergence, it is only a matter of time before uniform operational rules emerge for the entire bloc, even more with regards to the plan to create an EU-wide supervisor.”

In the interim, the EBA encouraged banks to find a path to engage with high-risk clients, such as by adjusting the level and intensity with which they monitor them, or by offering them only basic financial products and services to reduce their exposure to financial crime.

De-risking has also appeared on the agenda of the Financial Action Task Force, which sets global AML standards. The intergovernmental group launched an initiative last month to study and mitigate the consequences of incorrect implementation of its recommendations for a risk-based approach.

Source: https://www.lexology.com/library/detail.aspx?g=4e1d9412-d4d5-475d-8cbf-ca0c0fcf4681

See also - ​https://www.lexology.com/library/detail.aspx?g=eef962ad-80bc-43ed-aece-5c19595ad4a9

The Central Bank of Ireland has released a Dear CEO letter setting out findings under four headings and expected Actions following a Thematic assessment of Algorithmic Trading Firms’ compliance with RTS 6 of MIFID II. 

1. Governance – Deficient control and risk management frameworks:

Varying levels of maturity were observed with respect to firms’ governance, control and risk
management frameworks. Supervisors observed weaknesses with respect to:

• i. The absence of formalised algorithm governance documentation;
• ii. The lack of local entity autonomy evidenced through minimal Board involvement in the
• setting or challenging of the key controls and in the oversight of the development of trading
• algorithms;
• iii. The absence of regular, formalised reporting to the Board in relation to algorithms; and
• iv. The significant reliance placed on Group resources without an appropriate level of
• formalised Group reporting lines.

The Central Bank considers the maintenance of a robust algorithmic governance and oversight
framework to be of paramount importance in enabling firms to identify, monitor and mitigate the
risks associated with algorithm trading strategies. Firms are reminded RTS 6 requires that as part
of its overall governance framework and decision-making framework, an investment firm should
have a clear and formalised governance arrangement, including clear lines of accountability, effective procedures for the communication of information and a separation of tasks and responsibilities. These arrangements should ensure reduced dependency on a single person or unit.


2. Development and Testing - Lack of formal documentation with respect to development,
testing and deployment processes:
Supervisors observed strong development, testing and deployment controls. However, significant
disparities were identified between firms with respect to the level of detail pertaining to
documentation on development, testing and deployment processes most notably:

• i. Firms were unable to provide sufficient detail with respect to their testing environments
• and how the parameters detailed in Article 5 of RTS 6 were embedded.
• ii. There is a lack of adequate information in relation to testing environments used to assess
• the performance of algorithms including assurance that trading algorithms:
• (ii) a. would not contribute to disorderly trading conditions;
• (ii) b. can continue to work effectively in stressed market conditions; and,
• (ii) c. where necessary under those conditions, can be disabled without contributing to
• disorderly trading.
• iii. Where firms are part of larger groups, it was noted that strong reliance was placed on Group entities. While outsourcing the development of trading algorithms is permitted under MiFID II, the investment firms deploying trading algorithms must fully understand the development and testing processes and the subsequent controls required. Outsourcing arrangements must be supported by appropriate documentation at local entity level with respect to the development, testing and deployment processes, be subject to regular review by the appropriate control function and consider the parameters detailed in Article 5 of RTS6.

3. Risk Measurement and Control - Lack of clearly defined Three Lines of Defence:
While it was evident that certain firms had appropriately skilled and resourced second lines of
defence, a number of firms demonstrated an absence of a formalised “Three Lines of Defence
model”. It is important that firms have a robust model in place, with clear delineation between each
line i.e. the business, the risk management functions and the internal audit function. Supervisors
observed:

• i. A blurring of lines between the first line, where the operation and implementation of risk management occurs, and second line management of risk, responsible for oversight of risk management, creating concerns around independence and appropriate separation of duties;
• ii. Within the second line, a lack of clarity between the roles and responsibilities of Risk and Compliance, in some instances, may increase the likelihood for risks to go unidentified or identified risks to go unaddressed;
• iii. An absence of a formalised plan regarding the steps taken by the Head of Compliance or first line in the event that the kill switch has been activated; and
• iv. As required under Article 9 of RTS6, all firms are required to conduct annual self-assessments and produce subsequent validation reports. Supervisors observed three common areas not sufficiently addressed by the majority of firms within the self-assessment:

:

• (iv) a. The adequacy of governance arrangements;
• (iv) b. The lack of appropriate detail with respect to testing methodologies applied and
• testing environments used; and
• (iv) c. A lack of clarity with regard to the third line of defence and the role of Internal Audit in the self-assessment and validation process. As per Article 9(3) of RTS 6, Internal Audit should play a key role in the oversight of the self-assessment and validation process to ensure that the governance and conclusions reached are valid.

 4. Trade Lifecycle Management – Lack of appropriate documentation with respect to pre and
post-trade controls:
The presence of extensive pre and post-trade controls was evident during this Thematic Review
however:

• i. These were not formally reflected in the firms’ policies and procedures, where supervisors identified a lack of adequate documentation regarding these controls and calculation of associated limits.
• ii. Firms did not demonstrate appropriate compliance with Article 15 of RTS 6 with respect to the documentation of the application and usage of appropriate limits. This information must be formally documented within the firms’ algorithmic governance documentation.

Firms must have in place appropriate pre and post-trade controls that are commensurate to the
nature, scale and complexity of the entity and ensure that these controls are appropriately
documented.

Actions
As a result of the findings of this thematic review, the Central Bank has engaged with the
investment firms where specific concerns have been identified, issuing risk mitigation programmes
to address these specific issues.

The Central Bank requires all firms engaging in algorithmic trading to consider the contents of this
letter, where applicable and take all remedial action necessary to ensure that they have the
appropriate control and oversight in place with respect to algorithmic trading and that the
requirements within RTS 6 of MIFID II are being fully adhered to. This letter should be read in
conjunction with the joint ESMA and European Banking Authority (“EBA”) Guidelines on the 
assessment of suitability of members of the management body and key function holders ; EBA
Guidelines on internal governance; and the Central Bank’s Outsourcing: Findings & Issues for
Discussion.

The Central Bank will continue to assess whether firms have taken sufficient steps to reduce risks
arising from algorithmic trading and will have regard to the contents of this letter when conducting
future supervisory engagement. Furthermore, in circumstances of non-compliance by any firm with
the regulatory requirements associated with algorithmic trading, the Central Bank may, in the
course of future supervisory engagement, or when exercising its supervisory and/or enforcement
powers in respect of such non-compliance, have regard to the consideration given by a firm to the
matters raised in the letter. 

Background:

​ The Central Bank of Ireland (“Central Bank”) undertook a thematic review to assess how firms
undertaking algorithmic trading have incorporated within their risk management and control
frameworks the requirements set out in Regulatory Technical Standard C(2016) 4478 (“RTS 6“)
supplementing Directive 2014/65/EU (“MIFID II”). The purpose of this letter is to provide
background to our assessment, highlight the key findings of this review and outline the expectations
of the Central Bank in relation to the governance, testing and controls surrounding algorithmic
trading.

Algorithmic trading gives rise to significant risks stemming from potential failures of algorithms,
information technology (“IT”) systems and processes. In recent years, a number of significant
algorithmic trading failures have resulted in substantial losses, fines and reputational damage for
firms globally. This demonstrates a clear need for all entities engaging in algorithmic trading to
ensure risk management and control frameworks in respect of algorithmic trading are
appropriately embedded and are operating to a high standard. RTS 6 provides a framework to
mitigate these, and other risks, through the requirement to maintain effective systems, procedures,
arrangements and controls.

This thematic review focused on the five principal areas underpinned by the requirements set out
in RTS 6 of MIFID II: (i) Governance; (ii) Development & Testing; (iii) Risk Measurement and
Control; (iv) Processes and Controls; and (v) Trade Lifecycle Management.

The Central Bank noted many positive practices, including the presence of experienced, competent
professionals across the first and second lines of defence, in addition to a comprehensive suite of
controls in terms of monitoring, development, testing and deployment of trading algorithms.
Notwithstanding this, supervisors also identified varying levels of maturity and a number of
concerns across governance, control and risk management frameworks of in scope entities. A full
list of the practices observed are noted in Appendix 1 of this letter. The key concerns arising from
the review include: 

​An over-reliance on service providers with a lack of demonstrable autonomy at regulated
entity level. This was evidenced through a distinct absence of entity Board oversight in
setting or challenging the key controls and in the oversight of the development of trading
algorithms.
ii. Insufficient formality with respect to key documentation. This was evidenced through a
lack of appropriate documentation in relation to algorithmic trading controls and
procedures. This speaks to this sector being at the early stages of maturity and also the
extent to which firms leverage Group documentation, where relevant, which creates a
possibility that entity specific risk may be overlooked.
iii. A lack of clearly defined roles and responsibilities, and in particular a lack of appropriate
delineation between the “Three Lines of Defence”. This is a consequence of a combination
of (i) the scale of certain firms, (ii) the maturity of risk management frameworks and (iii) the
non-specific nature for managing risks associated with algorithmic trading in certain firms.
These do not align with a comprehensive and effective implementation of the requirements set out
in RTS 6.