ESMA Issues Latest Update on MIFIR Q&A Data Reporting

In January 2018, the European Union started implementing the second version of the Markets in Financial Instruments Directive (MIFID II). The comprehensive regulations were meant to protect investors by putting in place measures to prevent exploitation by investment firms. The idea to improve MIFID came after the global financial crisis of 2008/9.

On the 29th of July, the European Securities Markets Authority (ESMA) updated the question and answer (Q&A) in under the MIFID or the Markets in Financial Instruments Regulation (MiFIR). The Q&A document of the MiFIR is a comprehensive 64-page document that aims to answer the key questions about the regulations. To provide more clarity on emerging issues, ESMA regularly updates the Q&A document. Prior to this week’s update, the organization had provided an update in February this year.

The latest update deals with the reporting obligations for financial instruments that have no expiry date. The new answer said that for instruments that have no defined expiry date but whose reporting is mandatory under MIFID rules. The Q&A clarified that in such a case, the field should be populated with the value 9999-12-31 in accordance with the ISO format. Companies should do this until such a time when the expiry date becomes determined by the regulators. When this happens, reporting companies like investment firms, trading venues, systematic internalisers, and ARMs on compliance with the reporting provisions of MiFIR.

This update came after another one was posted in April. The previous update related to how operators of trading venues report instrument reference data in accordance to article 23 of MIFID. In this update, ESMA said that that the obligation to supply the reference data will only be triggered from “from the moment of the inclusion of the instrument into the list”.

Reporting was one of the most consequential issue in the MIFID regulations. This is because companies like investment banks, brokers, and research firms are mandated to report on a wide range of things. For example, investment researchers must report when they publish reports on companies, they have a conflict of interest in.

As the regulations become more polished, the Q&A document will continue being updated. Therefore, if you run a company that reports to ESMA, it is essential that you stay updated on the Q&A section and the regulators website. This is because failure to comply on ESMA provisions attracts huge fines.

EU Publishes List of DPRK Sanctions

The crisis at the Korean Peninsula has been going on for decades. For years, the North Korean government has been trying to develop its own nuclear weapons. The country has been developing the weapons with the goal of protecting itself from South Korea, which is backed by the United States.

In September 2017, the United Nations Security Council (UNSC) passed the UNSCR 2371 and 2375 providing for more sanctions on North Korea. These sanctions were aimed at preventing the North Korean regime from developing nuclear weapons, which is illegal according to the United Nations.

In June this year, the European Union announced that it had renewed its autonomous sanctions on individuals and entities. The sanctions on individuals and entities were put in place for “contributing to the DPRK’s nuclear-related, ballistic -missile-related or other weapons of mass destruction-related programs or for sanctions evasion”.

In the same month, the EU published a comprehensive list of goods, services, and technologies that were illegal to be sold in the country. The goods that were sanctioned were in a number of categories. Like nuclear materials, facilities, and equipment, special materials and related equipment, processing materials, electronics, sensors and lasers, navigation and avionics, and aerospace and propulsion. The sanctions also applied to software and technology that are required to produce the goods in the previous categories.

The goal of all these sanctions is to ensure that North Korea does not produce nuclear weapons. In a statement, the EU said that it believed that lasting peace in the Korean Peninsula must be achieved by peaceful means. The EU expressed that diplomatic processes must be the only way to achieve peace and prosperity in the Peninsula.

These sanctions came at a time when Donald Trump has been trying to persuade the Kim regime to give up the nuclear weapons in exchange of prosperity. While Kim has expressed readiness for talks, he has insisted that the heavy sanctions be removed first.

EU Extends Russian Sanctions Over Crimea Annexation Until January 2020

In 2014, Russia violated international law when it annexed part of Ukraine. The crisis led to the death of more than 13,000 people, including those in a Malaysian passenger plane. In response to the illegal annexation, the international community, including the United States and European Union imposed heavy sanctions on the country.

In June this year, the European Union renewed the sanctions imposed against Russia and extended them until January 2020. The first sanctions were put in place in March 2014 and were then strengthened after the downing of the Malaysian jet. While Russia denied shooting down the jet, a Dutch-led investigative team concluded that three Russians were involved.

The sanctions put in place against Russia included curbs on Russian energy, defense, and financial sectors. The sanctions also ban European Union countries from doing business with Crimea, the area that Russia annexed. Further, these sanctions extend to a number of Russian citizens who are believed to be beneficiaries of the annexations. 44 Russian companies have also been sanctioned by the EU.

The extension of these sanctions came a few months after the EU extended sanctions related to the misappropriation of Ukrainian state funds by Russia.

In addition, the EU announced that it was considering additional sanctions after Russia announced that it would start allowing Ukrainians in Crimea to get Russian passports. Calls for these sanctions have come from Russian hawks countries like Poland and Lithuania. However, passing these sanctions will be a bit difficult because all EU members must vote to support them.

There is also a conflict on the arrests made by both Russia and Ukraine. Russia has arrested 24 Ukrainian sailors while Ukraine has arrested a number of Russians. In a current statement, President Putin said that the release of these sailors must go hand in hand with the release of the Russians held in Ukraine.

Unicredit Receives a €130k Fine in Romania For Failing to Safeguard User Data

On May 2018, the European Union (EU) member states started implementing the General Data Protection Regulation (GDPR) regulations. These regulations were meant to safeguard data from website and app users. Under these regulations, companies that fail to meet the various data protections safeguards will attract fines that are set by the local regulators.

This month, Unicredit Bank became the first major recipient of the fine, which was issued in Romania. This is after the bank breached the provisions of Article 25 (1) of the GDPR regulations. In the accompanying statement, the Romanian regulators said that the bank failed to implement the needed technical and organizational measures in the processing of the user data. This mistake led to the illegal disclosure of data related to the personal identity number and address of more than 300k clients. In response, the Romanian National Supervisory Authority imposed a fine of 613k lei, which is equivalent to about EUR 130k. While this amount is large, it is peanuts to Unicredit, which is valued at almost $15 billion.

In all parts of Europe, companies have started paying close attention to how they treat customer data. This is because they want to stay in line with the GDPR regulations, avoid the long litigation period, and also avoid the fines. With the new GDPR regulations, companies can be fined up to EUR 20 million for not following the law. Alternatively, the regulators can fine them 4% of their annual global turnover. This amount depends on the size of the company and the severity of the breach. Already, companies have already started receiving the fines. This year, British Airways (BA) received a GBP 183 million fine for a data bleach that exposed personal data of more than 500k customers. This amount totaled 1.5% of the company’s global turnover. Marriot, the hotel chain received a GBP 113 fine for exposing user data. Before the GDPR came into effect, Facebook was fined GBP 500k for leaking data of more than 87 million users. If the GDPR regulations were effective, the company would have paid more than GBP 1.26 billion.

Therefore, given the severity of these fines and the longevity of the litigation process, companies are investing a lot in technology and in compliance officers. At IFSA, we are experts in compliance and helping companies stay on the right side of the law. This is as Europe continues coming up with strict regulations such as the MIFID regulations.